Date: Mon, 20 Sep 1999 16:20:40 -0400 (EDT) From: Will Andrews <andrews@TECHNOLOGIST.COM> To: Kris Kennaway <kris@hub.freebsd.org> Cc: freebsd-ports@FreeBSD.ORG Subject: Re: ports/13809: new port: sysutils/wmbattery Message-ID: <XFMail.990920162040.andrews@TECHNOLOGIST.COM> In-Reply-To: <Pine.BSF.4.10.9909201135020.26241-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 20-Sep-99 Kris Kennaway wrote: > On Tue, 21 Sep 1999, TAOKA Satoshi wrote: >> I think wmbattery had better be set gid (to operator). >> See wmapm port. I agree.. I inadvertently forgot to add that part.. > Better make sure it's secure - many of these wm* utilities share a common > heritage, and at least one (wmmon) contained buffer overflows from > command-line arguments, and even processed arbitrary shell commands in a > dotfile as the setuid user. :-( Well.. not much I can do about it right now since I don't even know what programming habits/mistakes lead to buffer overflows.. meaning I can't look for buffer overflows in wmbattery. People install ports at their own risk. There are, after all, ways for a user to place restrictions on the programs installed by such. -- Will Andrews <andrews@technologist.com> GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w--- ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ G++>+++ e->++++ h! r-->+++ y? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990920162040.andrews>