From owner-freebsd-security Fri Jan 28 0:55:57 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id B896715A34; Fri, 28 Jan 2000 00:55:54 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id A6FF01CD6D7; Fri, 28 Jan 2000 00:55:54 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Fri, 28 Jan 2000 00:55:54 -0800 (PST) From: Kris Kennaway To: Masafumi NAKANE Cc: serg@dor.zaural.ru, freebsd-security@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: delegate buffer overflow (ports) In-Reply-To: <877lgufvc3.wl@fr.aslm.rim.or.jp> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 28 Jan 2000, Masafumi NAKANE wrote: > Instead, I will make this port to ask the user if he/she really wants > to continue the installation with the security information at > ``pkg_add'', ``make pre-fetch'' and ``make install'' times. This Hmm. If this is along the lines of: ************************************** ** WARNING!!! WARNING!!! WARNING!!! ** ************************************** THIS PORT CONTAINS KNOWN SECURITY HOLES WHICH ALLOW A REMOTE ATTACKER TO EASILY TAKE CONTROL OF YOUR MACHINE. YOU INSTALL THIS PORT AT YOUR OWN RISK!! DON'T COME CRYING TO US IF YOU GET ROOTED BECAUSE OF INSTALLING THIS PORT. Do you want hackers to be able to take remote control of your machine? (y/N): then I guess I have no problem with it :-) Kris ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message