From owner-freebsd-security@FreeBSD.ORG Sun Apr 20 18:02:17 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CABFB106566C for ; Sun, 20 Apr 2008 18:02:17 +0000 (UTC) (envelope-from hackware@tru2life.net) Received: from ns3.tru2life.net (adsl-69-232-26-38.dsl.snfc21.pacbell.net [69.232.26.38]) by mx1.freebsd.org (Postfix) with ESMTP id 973508FC1B for ; Sun, 20 Apr 2008 18:02:17 +0000 (UTC) (envelope-from hackware@tru2life.net) Received: from ns3.tru2life.net (localhost [127.0.0.1]) by ns3.tru2life.net (8.13.6/8.13.6) with ESMTP id m3KIvSPu018775 for ; Sun, 20 Apr 2008 11:57:29 -0700 (PDT) (envelope-from hackware@tru2life.net) Received: (from hackware@localhost) by ns3.tru2life.net (8.13.6/8.13.6/Submit) id m3KIvSgB018774; Sun, 20 Apr 2008 11:57:28 -0700 (PDT) (envelope-from hackware@ns3.tru2life.net) From: "William O. Yates" To: freebsd-security@freebsd.org Cc: X-Originating-IP: 192.168.1.64 X-Mailer: Usermin 1.340 Message-Id: <1208717847.18770@ns3.tru2life.net> Date: Sun, 20 Apr 2008 11:57:27 -0700 (PDT) X-Mailman-Approved-At: Sun, 20 Apr 2008 18:45:39 +0000 Subject: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "William O. Yates" List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 18:02:17 -0000 Recently started using vi macros. When attempting to use one which accessed the external shell, got the following message: "The ! command is not supported when the secure edit option is set." When attempting to ":set nosecure" got: "set: the secure option may not be turned off." When attempting to "set nosecure" in my .exrc file, got: set nonumber .exrc, 44: set: the secure option may not be turned off .exrc, 44: Ex command failed: pending commands discarded Looking through all the man pages, vi references, tutorials, and the the oreilly vi "bible", can't find anything... Is "set secure" a compiled in setting? >From FreeBSD vi man page: -S Run with the secure edit option set, disallowing all access to external programs. and secure [off] Turns off all access to external programs. ..william.o.yates...hackware.at.tru2life.net...tru2life.info... From owner-freebsd-security@FreeBSD.ORG Sun Apr 20 20:32:41 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 221E4106564A for ; Sun, 20 Apr 2008 20:32:41 +0000 (UTC) (envelope-from minimarmot@gmail.com) Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.240]) by mx1.freebsd.org (Postfix) with ESMTP id D0CE28FC0A for ; Sun, 20 Apr 2008 20:32:40 +0000 (UTC) (envelope-from minimarmot@gmail.com) Received: by an-out-0708.google.com with SMTP id c14so437373anc.13 for ; Sun, 20 Apr 2008 13:32:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=rtWouFSxYHk/2fqPXJnXAOlPCshda54kQw1MD4HE3wk=; b=vBgnFF2X+Iv8NOOnFPGnlyQqxhtTI8okRVL1SGMfV7zmqWiHELLM4cYMSC8lkQKBwU02hk5RS32oYNSjhzWVfKfm0qz39scopJKE6gZuHrj/HLg1YuusidOAI3lk/6qrShKNoPObQDwFQsooHRi/8dBt4ZDTkmmrRgqg3BMK41I= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=sbqzakAf22rV3Avs2edUbx6IwmiRXt3HwqdrGzvmzLn1RDO4X4NwLi0FXiG18cDIa3Gij4/37AQh/NSxkjQvYG0VG79Vlpa5DXuB6wCO4YD+NbmH272R5MnO7fiAji7L7rW0yXDseKxyd9+5aVoaUSgV4mDBiLa/YS70oNi7a2E= Received: by 10.100.41.9 with SMTP id o9mr10543108ano.42.1208723560111; Sun, 20 Apr 2008 13:32:40 -0700 (PDT) Received: by 10.100.214.9 with HTTP; Sun, 20 Apr 2008 13:32:40 -0700 (PDT) Message-ID: <47d0403c0804201332y746d79e9x741a5605ddde1e@mail.gmail.com> Date: Sun, 20 Apr 2008 16:32:40 -0400 From: "Ben Kaduk" To: "William O. Yates" In-Reply-To: <1208717847.18770@ns3.tru2life.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1208717847.18770@ns3.tru2life.net> Cc: freebsd-security@freebsd.org Subject: Re: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 20:32:41 -0000 On 4/20/08, William O. Yates wrote: > Recently started using vi macros. > > When attempting to use one which accessed the external shell, got the following message: > > "The ! command is not supported when the secure edit option is set." > Are you running vi as root? I believe that will automatically set secure mode. -Ben Kaduk From owner-freebsd-security@FreeBSD.ORG Sun Apr 20 21:03:03 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D924E106566C for ; Sun, 20 Apr 2008 21:03:03 +0000 (UTC) (envelope-from jille@quis.cx) Received: from smtp4.versatel.nl (smtp4.versatel.nl [62.58.50.91]) by mx1.freebsd.org (Postfix) with ESMTP id 4A9408FC2C for ; Sun, 20 Apr 2008 21:03:02 +0000 (UTC) (envelope-from jille@quis.cx) Received: (qmail 32136 invoked by uid 0); 20 Apr 2008 20:36:21 -0000 Received: from ip83-113-174-82.adsl2.versatel.nl (HELO istud.quis.cx) ([82.174.113.83]) (envelope-sender ) by smtp4.versatel.nl (qmail-ldap-1.03) with SMTP for < >; 20 Apr 2008 20:36:21 -0000 Received: by istud.quis.cx (Postfix, from userid 100) id E19A539864; Sun, 20 Apr 2008 22:36:20 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on istud.quis.cx X-Spam-Level: X-Spam-Status: No, score=-3.9 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.4 Received: from [192.168.1.4] (ille [192.168.1.4]) by istud.quis.cx (Postfix) with ESMTP id 7B76D39860; Sun, 20 Apr 2008 22:36:18 +0200 (CEST) Message-ID: <480BA940.6060006@quis.cx> Date: Sun, 20 Apr 2008 22:36:16 +0200 From: Jille User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Ben Kaduk References: <1208717847.18770@ns3.tru2life.net> <47d0403c0804201332y746d79e9x741a5605ddde1e@mail.gmail.com> In-Reply-To: <47d0403c0804201332y746d79e9x741a5605ddde1e@mail.gmail.com> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, "William O. Yates" Subject: Re: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 21:03:03 -0000 Ben Kaduk wrote: > On 4/20/08, William O. Yates wrote: >> Recently started using vi macros. >> >> When attempting to use one which accessed the external shell, got the following message: >> >> "The ! command is not supported when the secure edit option is set." >> > > Are you running vi as root? I believe that will automatically set secure mode. > > -Ben Kaduk On my FreeBSD 6.3 vi doesn't auto-enable secure mode when run as root. -- Jille From owner-freebsd-security@FreeBSD.ORG Sun Apr 20 21:16:29 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4539F1065675 for ; Sun, 20 Apr 2008 21:16:29 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from betty.computinginnovations.com (mail.computinginnovations.com [64.81.227.250]) by mx1.freebsd.org (Postfix) with ESMTP id CC73A8FC1D for ; Sun, 20 Apr 2008 21:16:28 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from p28.computinginnovations.com (dhcp-10-20-30-100.computinginnovations.com [10.20.30.100]) (authenticated bits=0) by betty.computinginnovations.com (8.14.2/8.14.2) with ESMTP id m3KLGBDQ075956; Sun, 20 Apr 2008 16:16:11 -0500 (CDT) (envelope-from derek@computinginnovations.com) Message-Id: <6.0.0.22.2.20080420161535.025a97f8@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Sun, 20 Apr 2008 16:15:59 -0500 To: Jille , Ben Kaduk From: Derek Ragona In-Reply-To: <480BA940.6060006@quis.cx> References: <1208717847.18770@ns3.tru2life.net> <47d0403c0804201332y746d79e9x741a5605ddde1e@mail.gmail.com> <480BA940.6060006@quis.cx> Mime-Version: 1.0 X-Antivirus: avast! (VPS 080420-0, 04/20/2008), Outbound message X-Antivirus-Status: Clean X-Virus-Scanned: ClamAV 0.93/6806/Wed Apr 16 15:50:16 2008 on betty.computinginnovations.com X-Virus-Status: Clean X-ComputingInnovations-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: m3KLGBDQ075956 X-ComputingInnovations-MailScanner: Found to be clean X-ComputingInnovations-MailScanner-From: derek@computinginnovations.com X-Spam-Status: No Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org, "William O. Yates" Subject: Re: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 21:16:29 -0000 At 03:36 PM 4/20/2008, Jille wrote: >Ben Kaduk wrote: >>On 4/20/08, William O. Yates wrote: >>>Recently started using vi macros. >>> >>> When attempting to use one which accessed the external shell, got the >>> following message: >>> >>> "The ! command is not supported when the secure edit option is set." >>Are you running vi as root? I believe that will automatically set secure >>mode. >>-Ben Kaduk > >On my FreeBSD 6.3 vi doesn't auto-enable secure mode when run as root. > >-- Jille Same for mine on 7.0 -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From owner-freebsd-security@FreeBSD.ORG Sun Apr 20 21:25:11 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3BC2C1065671 for ; Sun, 20 Apr 2008 21:25:11 +0000 (UTC) (envelope-from hackware@tru2life.net) Received: from ns3.tru2life.net (adsl-69-232-26-38.dsl.snfc21.pacbell.net [69.232.26.38]) by mx1.freebsd.org (Postfix) with ESMTP id 03B718FC1C for ; Sun, 20 Apr 2008 21:25:10 +0000 (UTC) (envelope-from hackware@tru2life.net) Received: from ns3.tru2life.net (localhost [127.0.0.1]) by ns3.tru2life.net (8.13.6/8.13.6) with ESMTP id m3KMtPGw019537 for ; Sun, 20 Apr 2008 15:55:26 -0700 (PDT) (envelope-from hackware@tru2life.net) Received: (from hackware@localhost) by ns3.tru2life.net (8.13.6/8.13.6/Submit) id m3KMtOBk019536; Sun, 20 Apr 2008 15:55:24 -0700 (PDT) (envelope-from hackware@ns3.tru2life.net) From: "William O. Yates" To: freebsd-security@freebsd.org Cc: X-Originating-IP: 192.168.1.64 X-Mailer: Usermin 1.340 Message-Id: <1208732123.19532@ns3.tru2life.net> In-Reply-To: <47d0403c0804201332y746d79e9x741a5605ddde1e@mail.gmail.com> Date: Sun, 20 Apr 2008 15:55:24 -0700 (PDT) X-Mailman-Approved-At: Sun, 20 Apr 2008 22:23:50 +0000 Subject: Re: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "William O. Yates" List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 21:25:11 -0000 On 20/Apr/2008 13:32 Ben Kaduk wrote .. > On 4/20/08, William O. Yates wrote: > > Recently started using vi macros. > > > > When attempting to use one which accessed the external shell, got the following > message: > > > > "The ! command is not supported when the secure edit option is set." > > > > Are you running vi as root? I believe that will automatically set secure mode. > > -Ben Kaduk Yes, running as root (toor actually)... ns1:/usr/local/interchange/catalogs/store> uname -a FreeBSD ns1.tru2life.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 ns1:/usr/local/interchange/catalogs/store> ..william.o.yates...hackware.at.tru2life.net...tru2life.info... From owner-freebsd-security@FreeBSD.ORG Sun Apr 20 23:36:59 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 45AAD1065675 for ; Sun, 20 Apr 2008 23:36:59 +0000 (UTC) (envelope-from jille@quis.cx) Received: from smtp1.versatel.nl (smtp1.versatel.nl [62.58.50.88]) by mx1.freebsd.org (Postfix) with ESMTP id 9E3DC8FC29 for ; Sun, 20 Apr 2008 23:36:57 +0000 (UTC) (envelope-from jille@quis.cx) Received: (qmail 19736 invoked by uid 0); 20 Apr 2008 23:36:54 -0000 Received: from ip83-113-174-82.adsl2.versatel.nl (HELO istud.quis.cx) ([82.174.113.83]) (envelope-sender ) by smtp1.versatel.nl (qmail-ldap-1.03) with SMTP for < >; 20 Apr 2008 23:36:54 -0000 Received: by istud.quis.cx (Postfix, from userid 100) id 11C2339866; Mon, 21 Apr 2008 01:36:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on istud.quis.cx X-Spam-Level: X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham version=3.2.4 Received: from [192.168.1.10] (unknown [192.168.1.10]) by istud.quis.cx (Postfix) with ESMTP id 2790139864; Mon, 21 Apr 2008 01:36:50 +0200 (CEST) Message-ID: <480BD392.1050306@quis.cx> Date: Mon, 21 Apr 2008 01:36:50 +0200 From: Jille User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: "William O. Yates" References: <1208732123.19532@ns3.tru2life.net> In-Reply-To: <1208732123.19532@ns3.tru2life.net> X-Enigmail-Version: 0.95.6 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Apr 2008 23:36:59 -0000 Does one of the following files enables secure mode? /etc/vi.exrc $HOME/.nexrc $HOME/.exrc .nexrc .exrc Those are the vi-startup files (as stated by the manpage) -- Jille William O. Yates schreef: > On 20/Apr/2008 13:32 Ben Kaduk wrote .. > >> On 4/20/08, William O. Yates wrote: >> >>> Recently started using vi macros. >>> >>> When attempting to use one which accessed the external shell, got the following >>> >> message: >> >>> "The ! command is not supported when the secure edit option is set." >>> >>> >> Are you running vi as root? I believe that will automatically set secure mode. >> >> -Ben Kaduk >> > > Yes, running as root (toor actually)... > > ns1:/usr/local/interchange/catalogs/store> uname -a > FreeBSD ns1.tru2life.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > ns1:/usr/local/interchange/catalogs/store> > > ..william.o.yates...hackware.at.tru2life.net...tru2life.info... > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > From owner-freebsd-security@FreeBSD.ORG Mon Apr 21 08:04:26 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1534A106566B for ; Mon, 21 Apr 2008 08:04:26 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from betty.computinginnovations.com (mail.computinginnovations.com [64.81.227.250]) by mx1.freebsd.org (Postfix) with ESMTP id 27BCC8FC2B for ; Mon, 21 Apr 2008 08:04:24 +0000 (UTC) (envelope-from derek@computinginnovations.com) Received: from p28.computinginnovations.com (dhcp-10-20-30-100.computinginnovations.com [10.20.30.100]) (authenticated bits=0) by betty.computinginnovations.com (8.14.2/8.14.2) with ESMTP id m3KK9FGn030747; Sun, 20 Apr 2008 15:09:16 -0500 (CDT) (envelope-from derek@computinginnovations.com) Message-Id: <6.0.0.22.2.20080420150707.025abec0@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Sun, 20 Apr 2008 15:09:03 -0500 To: "William O. Yates" , freebsd-security@freebsd.org From: Derek Ragona In-Reply-To: <1208717847.18770@ns3.tru2life.net> References: <1208717847.18770@ns3.tru2life.net> Mime-Version: 1.0 X-Antivirus: avast! (VPS 080420-0, 04/20/2008), Outbound message X-Antivirus-Status: Clean X-Virus-Scanned: ClamAV 0.93/6806/Wed Apr 16 15:50:16 2008 on betty.computinginnovations.com X-Virus-Status: Clean X-ComputingInnovations-MailScanner-Information: Please contact the ISP for more information X-MailScanner-ID: m3KK9FGn030747 X-ComputingInnovations-MailScanner: Found to be clean X-ComputingInnovations-MailScanner-From: derek@computinginnovations.com X-Spam-Status: No Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: Re: vi secure X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Apr 2008 08:04:26 -0000 At 01:57 PM 4/20/2008, William O. Yates wrote: >Recently started using vi macros. > >When attempting to use one which accessed the external shell, got the >following message: > >"The ! command is not supported when the secure edit option is set." > >When attempting to ":set nosecure" got: > >"set: the secure option may not be turned off." > >When attempting to "set nosecure" in my .exrc file, got: > >set nonumber >.exrc, 44: set: the secure option may not be turned off >.exrc, 44: Ex command failed: pending commands discarded > >Looking through all the man pages, vi references, tutorials, and the the >oreilly vi "bible", >can't find anything... > >Is "set secure" a compiled in setting? > > >From FreeBSD vi man page: > > -S Run with the secure edit option set, disallowing all > access to > external programs. >and > secure [off] > Turns off all access to external programs. > >..william.o.yates...hackware.at.tru2life.net...tru2life.info... So you are using ! for external commands and not the like :w! I would look at any defaults on the system that may be causing vi to run in secure mode, also check the mounted filesystem you are on is set to noexec. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From owner-freebsd-security@FreeBSD.ORG Tue Apr 22 18:14:03 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 20E45106564A for ; Tue, 22 Apr 2008 18:14:03 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [206.40.34.5]) by mx1.freebsd.org (Postfix) with ESMTP id 0A6858FC13 for ; Tue, 22 Apr 2008 18:14:03 +0000 (UTC) (envelope-from marquis@roble.com) Date: Tue, 22 Apr 2008 11:14:02 -0700 (PDT) From: Roger Marquis To: freebsd-security@freebsd.org In-Reply-To: <20080422120021.D18CD1065674@hub.freebsd.org> References: <20080422120021.D18CD1065674@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Message-Id: <20080422181402.DDE2E2B45B3@mx5.roble.com> Subject: Re: openssldoesn't -overwrite-base again (was: FreeBSD-SA-08:05.openssh) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Apr 2008 18:14:03 -0000 Dirk Meyer wrote: > The -overwrite-base option was only functional on FreeBSD 4.x > With FreeBSD 5.x the libs are spread in /lib and /usr/lib, so > even if the ports overwrite base libs, some tools still use the > old (unpatched) libs from /lib. Couldn't this be addressed simply by removing the old libs, possibly replacing with symlinks, in coordination with the standard/base? We shouldn't need to worry about base applications linked to the old libs anyhow, unless a base app is making unreasonable expectations. Better to fix those bugs in base, IMO, than have multiple versions of key libraries. Roger Marquis