Date: Fri, 28 Jan 2000 02:29:50 -0700 From: Warner Losh <imp@village.org> To: Masafumi NAKANE <max@wide.ad.jp> Cc: kris@hub.freebsd.org, serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG Subject: Re: delegate buffer overflow (ports) Message-ID: <200001280929.CAA60630@harmony.village.org> In-Reply-To: Your message of "Fri, 28 Jan 2000 17:34:36 %2B0900." <877lgufvc3.wl@fr.aslm.rim.or.jp> References: <877lgufvc3.wl@fr.aslm.rim.or.jp> <200001280739.MAA02652@dor.zaural.ru> <Pine.BSF.4.21.0001280006430.12504-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- In message <877lgufvc3.wl@fr.aslm.rim.or.jp> Masafumi NAKANE writes: : I don't personally think it is too good idea to mark any ports : broken/forbidden because of the security problem since they still are : good in dialup home environment, which I assume there are many users : of. I think it is a really bad idea not to mark ports that have known holes that can be used to penetrate your machine as FORBIDDEN. We are trying to produce a good, secure system here. If we do not mark them as FORBIDDEN, they will wind up on the cdrom and people will install them. Then they will yell in bugtraq that we don't care about security and we get more bad PR. If someone really wants this port, they should be forced to hack the Makefile to remove the FORBIDDEN line. Warner FreeBSD Security Officer -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBOJFhg9xynu/2qPVhAQHRxgP/dxRF7jzk8XKmxGFIdA44GaGRQyy1mJLc NLBkNEV0zev8BMc8rTNH6m+GP7XJK2mK5ZWq9uxzjjw1gqX4ec/PLzZ8826pyzHk I/ILmpDzT0Wiq42QH0x4luQ/JyM6B//3jF/SGF8FWZesXxeG7VEY7jR+FzsA7YNi pnoIAy1lKuI= =4zpu -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200001280929.CAA60630>