Date: Tue, 22 Feb 2000 10:10:11 +0200 (SAST) From: Khetan Gajjar <khetan@uunet.co.za> To: Kris Kennaway <kris@FreeBSD.org> Cc: ports@FreeBSD.org Subject: Re: Hylafax port status Message-ID: <Pine.BSF.4.21.0002221009190.480-100000@bofh.ops.uunet.co.za> In-Reply-To: <Pine.BSF.4.21.0002211404090.25667-200000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Around Yesterday, "Kris Kennaway" wrote : KK> > I've checked the Hylafax page, but there don't appear to be any KK> > patches forthcoming. KK> KK> The hylafax guys really don't seem to care about the security of their KK> product, which is a shame since as far as I can tell it fills a niche. I know, it is poor :-( KK> Alexander Langer just sent me this patch which claims to address all the KK> instances of unsafe sprintf/strcat/strcpy buffers. I havent reviewed it KK> yet and wont be before 4.0, but you might like to try it out if you want It fails to build all the binaries (on my -current) box. KK> to use hylafax but arent comfortable with the current security status KK> (remember, it's only known to be vulnerable to a local exploit - I dont KK> know if it even listens on the network). If it's a local exploit, then it's not an issue. It does listen on the network (or can). Khetan Gajjar. --- khetan@uunet.co.za * khetan@os.org.za * PGP Key, contact UUNET South Africa * FreeBSD enthusiast * details and other http://www.uunet.co.za * http://www.freebsd.org * information at System Administration * http://office.os.org.za * kg+details@uunet.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0002221009190.480-100000>