From owner-freebsd-security  Fri Sep 29 15:51:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 471BB37B502; Fri, 29 Sep 2000 15:51:15 -0700 (PDT)
Received: (from kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id PAA08340;
	Fri, 29 Sep 2000 15:51:15 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Date: Fri, 29 Sep 2000 15:51:15 -0700
From: Kris Kennaway <kris@FreeBSD.org>
To: Roman Shterenzon <roman@xpert.com>
Cc: Kris Kennaway <kris@FreeBSD.org>, security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000929155115.A6456@freefall.freebsd.org>
References: <Pine.BSF.4.21.0009290030170.63575-100000@freefall.freebsd.org> <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.10.10009291755520.17656-100000@jamus.xpert.com>; from roman@xpert.com on Sat, Sep 30, 2000 at 02:41:30AM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote:

> Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> Mutt on the other hand has sgid binary installed..

I haven't looked at mutt yet - of course, just grepping for functions
is a poor indicator of the security of a program, but in the case of
pine it is so blatant (and the authors have a bad enough track record)
as to leave little doubt there are others which are remotely
exploitable aside from the currently known exploitable ones.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message