Message-Id: <200001280929.CAA60630@harmony.village.org>
To: Masafumi NAKANE
Subject: Re: delegate buffer overflow (ports)
Cc: kris@hub.freebsd.org, serg@dor.zaural.ru, freebsd-security@FreeBSD.ORG, freebsd-bugs@FreeBSD.ORG
In-reply-to: Your message of "Fri, 28 Jan 2000 17:34:36 +0900." <877lgufvc3.wl@fr.aslm.rim.or.jp>
References: <877lgufvc3.wl@fr.aslm.rim.or.jp> <200001280739.MAA02652@dor.zaural.ru>
Date: Fri, 28 Jan 2000 02:29:50 -0700
From: Warner Losh

In message <877lgufvc3.wl@fr.aslm.rim.or.jp> Masafumi NAKANE writes:
: I don't personally think it is too good an idea to mark any ports
: broken/forbidden because of the security problem since they still are
: good in a dialup home environment, which I assume there are many users
: of.

I think it is a really bad idea not to mark ports that have known holes that can be used to penetrate your machine as FORBIDDEN. We are trying to produce a good, secure system here. If we do not mark them as FORBIDDEN, they will wind up on the cdrom and people will install them. Then they will yell in bugtraq that we don't care about security and we get more bad PR.

If someone really wants this port, they should be forced to hack the Makefile to remove the FORBIDDEN line.

Warner
FreeBSD Security Officer