From owner-freebsd-security Fri Jan 28 2: 7:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 17D2814D92; Fri, 28 Jan 2000 02:07:33 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id CAA10417; Fri, 28 Jan 2000 02:36:42 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id CAA60674; Fri, 28 Jan 2000 02:36:55 -0700 (MST) Message-Id: <200001280936.CAA60674@harmony.village.org> To: Kris Kennaway Subject: Re: delegate buffer overflow (ports) Cc: Masafumi NAKANE , serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG In-reply-to: Your message of "Fri, 28 Jan 2000 00:55:54 PST." References: Date: Fri, 28 Jan 2000 02:36:54 -0700 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Kris Kennaway writes: : ************************************** : ** WARNING!!! WARNING!!! WARNING!!! ** : ************************************** : : THIS PORT CONTAINS KNOWN SECURITY HOLES WHICH ALLOW A REMOTE ATTACKER TO : EASILY TAKE CONTROL OF YOUR MACHINE. YOU INSTALL THIS PORT AT YOUR OWN : RISK!! DON'T COME CRYING TO US IF YOU GET ROOTED BECAUSE OF INSTALLING : THIS PORT. : : Do you want hackers to be able to take remote control of your : machine? (y/N): : : then I guess I have no problem with it :-) I think that your questions are too mildly worded. :-) Something more like the following might be acceptible to me :-) ************************************** ** WARNING!!! WARNING!!! WARNING!!! ** ************************************** THIS PORT CONTAINS KNOWN SECURITY HOLES WHICH ALLOW A REMOTE ATTACKER TO EASILY TAKE CONTROL OF YOUR MACHINE. YOU INSTALL THIS PORT AT YOUR OWN RISK!! DON'T COME CRYING TO US IF YOU GET ROOTED BECAUSE OF INSTALLING THIS PORT. DO NOT INSTALL THIS MACHINE THAT YOU CARE ABOUT. YOU ARE STRONGLY ENCOURAGED NOT TO INSTALL THIS PORT. BAD THINGS WILL HAPPEN TO YOU AND YOUR CHILDREN UNTO THE SEVENTH GENERATION IF YOU INSTALL THIS PORT. PLAGUES OF LOCUS WILL DESEND FROM THE SKY. YOUR LIVE MOPPING UP FROM THE HACKER PENETRAIONS WILL BE A NIGHTMARE. ************************************** ** WARNING!!! WARNING!!! WARNING!!! ** ************************************** To proceed, type "I want hackers to be able to remotely control my system." -->I want hackers to be able to remotely control my system OK. We're not sure about this. Please reconsider. If you are still insistant about it, type "I'm stupid and I really want this package installed" now. -->I'm stupid and I really wnat this package installed Can't we talk you out of it? IF not, say proceed: --> Proceed ************************************** ** WARNING!!! WARNING!!! WARNING!!! ** ************************************** YOU HAVE BEEN WARNED. YOUR SYSTEM WILL NEVER BE SECURE AGAIN UNTIL YOU REMOVE THIS PACKAGE. ************************************** ** WARNING!!! WARNING!!! WARNING!!! ** ************************************** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message