Date: Fri, 09 Jun 2000 19:19:55 -0700
From: Andy Sparrow <andy@geek4food.org>
To: Will Andrews <andrews@technologist.com>
Cc: John Holland <john@zoner.org>, ports@FreeBSD.ORG, freebsd-ports@FreeBSD.ORG
Subject: Re: Hylafax security audit
Message-ID: <200006100219.TAA84496@mega.geek4food.org>
In-Reply-To: Your message of "Fri, 09 Jun 2000 12:05:36 EDT." <20000609120536.N6343@argon.gryphonsoft.com>

--------
Your message dated: Fri, 09 Jun 2000 12:05:36 EDT

>Probably not. But someone might prove me wrong.

Well, I believe a number of people are /considering/ it, although no-one's actually coming up with patches yet. Maybe we just need a leader (baaa!). :-)

>No, the hylafax people are completely ignoring this problem.

There is, apparently, a known cgi-bin exploit in the docs for the current beta, which isn't fixed yet in CVS. *sigh*

It's my take that they'd welcome some people subscribing to their devel list and helping out, but that security isn't their main concern.

Actually, I think it makes sense to lock down a dedicated server and only provide restricted logins on that box - which seems to me to remove most of the security issues.

For a SOHO workstation install, HylaFAX is kinda overkill anyway, and other, simpler, software exists (like sendfax and efax).

I'm not saying that that's their stance, just an observation.

Cheers,

AS