From owner-freebsd-ports  Tue Sep 21 20: 9:43 1999
Delivered-To: freebsd-ports@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id D809614E64; Tue, 21 Sep 1999 20:09:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id C91B91CD736; Tue, 21 Sep 1999 20:09:41 -0700 (PDT)
	(envelope-from kris@hub.freebsd.org)
Date: Tue, 21 Sep 1999 20:09:41 -0700 (PDT)
From: Kris Kennaway <kris@hub.freebsd.org>
To: TAOKA Satoshi <taoka@infonets.hiroshima-u.ac.jp>
Cc: ports@freebsd.org
Subject: Re: ports/13809: new port: sysutils/wmbattery
In-Reply-To: <19990921104717Q.taoka@infonets.hiroshima-u.ac.jp>
Message-ID: <Pine.BSF.4.10.9909212007460.26241-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 21 Sep 1999, TAOKA Satoshi wrote:

> > > Better make sure it's secure - many of these wm* utilities share a common
> > > heritage, and at least one (wmmon) contained buffer overflows from
> > > command-line arguments, and even processed arbitrary shell commands in a
> > > dotfile as the setuid user. :-(
> > 
> > Well.. not much I can do about it right now since I don't even know what
> > programming habits/mistakes lead to buffer overflows.. meaning I can't look for
> > buffer overflows in wmbattery.
> 
> I don't understand, too.

Well, given the rampaging lack of code quality in many of the wm* applets
it worries me, but I don't have the time to look over the code. I guess
that means I should shut up.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message