Date: Mon, 26 Oct 1998 09:13:03 +0000 From: Dom Mitchell <dom@phmit.demon.co.uk> To: Jamie Zawinski <jwz@jwz.org> Cc: freebsd-ports@FreeBSD.ORG, jseger@FreeBSD.ORG Subject: Re: ports/8411: update xscreensaver to 3.00 Message-ID: <E0zXii0-0004xd-00@voodoo.pandhm.co.uk> In-Reply-To: Jamie Zawinski's message of "Sun, 25 Oct 1998 19:48:40 PST" <3633F118.27EDB6FD@jwz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25 October 1998, Jamie Zawinski proclaimed: > Dom Mitchell wrote: > > > > This is an update of the xscreensaver port to 3.00, the latest. I've > > taken out the patch which prevents it from using passwords (not sure > > why it was there...). It gets installed root, so it can read the > > password file. Personally, I like this. > > Let me get this straight: > > * you've disabled *security code* that by your own admission > you do not understand; > > * you did so without even bothering to ask the author of that > code why it was there; > > * and then you DISTRIBUTED THE RESULT??? > > Do whatever crazy things you like on your own system, but > DO NOT distribute xscreensaver modified in this way. > You have opened up a gaping security hole. > > Please delete your modified version ASAP before someone is > foolish enough to install it somewhere where it can be exploited. Darn. You're absolutely right. I'm sorry that this happened, I should have tested with the patch applied first. The ports ave broken locking for me in the past, and it looked like that would too. Could I please ask somebody with the appropriate privs to remove that PR from the database so that it doesn't get used by accident. I'll resubmit a correct one shortly. -- Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator "Xerox studies suggest that most people print out electronic mail that is longer than half a page; paper use rises by 40 percent in offices that introduce E-mail." -- CCM To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E0zXii0-0004xd-00>