Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 28 Jan 2000 18:24:55 -0700
From:      Warner Losh <imp@village.org>
To:        3APA3A <3APA3A@SECURITY.NNOV.RU>
Cc:        Kris Kennaway <kris@hub.freebsd.org>, Masafumi NAKANE <max@wide.ad.jp>, serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
Subject:   Re: Re[2]: delegate buffer overflow (ports) 
Message-ID:  <200001290124.SAA65757@harmony.village.org>
In-Reply-To: Your message of "Fri, 28 Jan 2000 13:52:56 %2B0300." <18578.000128@sandy.ru> 
References:  <18578.000128@sandy.ru>  <200001280936.CAA60674@harmony.village.org> 

next in thread | previous in thread | raw e-mail | index | archive | help
In message <18578.000128@sandy.ru> 3APA3A writes:
: Another  one  quite  good  solution  may  be  to  maintain the page on
: FreeBSD.ORG  with  current security status for every port (known bugs,
: potential  bugs,  known  exploits, known accidents, both confirmed and
: unconfirmed  and  risk  level  for  local  and remote security, latest
: releases  and patches). Of cause it makes a lot of additional work for
: FreeBSD   team,   but  IMHO  if  some  port  is  included  in  FreeBSD
: distribution,  FreeBSD  team  should have some response for this port,
: and  this fact should eliminate including of unchecked software. Users
: should  be  recommended  to  check  the  status  of  the  port  before
: installing.  Ports  with  high  security risk shouldn't be included at
: all.

Kris and I have talked about doing something like this, and he'll
likely start on something like this after 4.0-R is golden.  I'm not
sure exactly what form it will take, but Kris will certainly know.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001290124.SAA65757>