Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Jan 2000 13:52:56 +0300
From:      3APA3A <3APA3A@SECURITY.NNOV.RU>
To:        Warner Losh <imp@village.org>
Cc:        Kris Kennaway <kris@hub.freebsd.org>, Masafumi NAKANE <max@wide.ad.jp>, serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject:   Re[2]: delegate buffer overflow (ports)
Message-ID:  <18578.000128@sandy.ru>
In-Reply-To: <200001280936.CAA60674@harmony.village.org>
References:  <200001280936.CAA60674@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello Warner Losh,

Another  one  quite  good  solution  may  be  to  maintain the page on
FreeBSD.ORG  with  current security status for every port (known bugs,
potential  bugs,  known  exploits, known accidents, both confirmed and
unconfirmed  and  risk  level  for  local  and remote security, latest
releases  and patches). Of cause it makes a lot of additional work for
FreeBSD   team,   but  IMHO  if  some  port  is  included  in  FreeBSD
distribution,  FreeBSD  team  should have some response for this port,
and  this fact should eliminate including of unchecked software. Users
should  be  recommended  to  check  the  status  of  the  port  before
installing.  Ports  with  high  security risk shouldn't be included at
all.


28.01.2000 12:36, you wrote: delegate buffer overflow (ports);

W> THIS PORT CONTAINS KNOWN SECURITY HOLES WHICH ALLOW A REMOTE ATTACKER
W> TO EASILY TAKE CONTROL OF YOUR MACHINE. YOU INSTALL THIS PORT AT YOUR
W> OWN RISK!! DON'T COME CRYING TO US IF YOU GET ROOTED BECAUSE OF
W> INSTALLING THIS PORT.  DO NOT INSTALL THIS MACHINE THAT YOU CARE
W> ABOUT.  YOU ARE STRONGLY ENCOURAGED NOT TO INSTALL THIS PORT.  BAD
W> THINGS WILL HAPPEN TO YOU AND YOUR CHILDREN UNTO THE SEVENTH
W> GENERATION IF YOU INSTALL THIS PORT.  PLAGUES OF LOCUS WILL DESEND
W> FROM THE SKY.  YOUR LIVE MOPPING UP FROM THE HACKER PENETRAIONS WILL
W> BE A NIGHTMARE.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?18578.000128>