Date:      Fri, 9 Jun 2000 12:05:36 -0400
From:      Will Andrews <andrews@technologist.com>
To:        John Holland <john@zoner.org>
Cc:        ports@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject:   Re: Hylafax security audit
Message-ID:  <20000609120536.N6343@argon.gryphonsoft.com>
In-Reply-To: <4.3.1.0.20000609101719.00ae4900@pop.mindspring.com>; from john@zoner.org on Fri, Jun 09, 2000 at 10:54:22AM -0400
References:  <4.3.1.0.20000609101719.00ae4900@pop.mindspring.com>

On Fri, Jun 09, 2000 at 10:54:22AM -0400, John Holland wrote:
> Hylafax has been marked BROKEN/FORBIDDEN since 12/1/1999 due to a setuid 
> uucp buffer overflow in faxalter.  The fix for that overflow is trivial, 
> but I noticed a number of other unchecked string copies in other
> portions of the code.  I'd like to fix the buffer overflows so FreeBSD can 
> have a secure port of Hylafax.

Please feel free to submit patches etc. that fix Hylafax's security
problems, and I guarantee you they will be committed ASAP.

> Is anyone else working on this?  Is Hylafax doing anything about this?

Probably not.  But someone might prove me wrong.

No, the hylafax people are completely ignoring this problem.

-- 
Will Andrews <andrews@technologist.com>
GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w---
?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ 
G++>+++ e->++++ h! r-->+++ y?

