Hylafax Mailing List Archives
Re: Hylafax and FreeBSD Ports
> I noticed that in the FreeBSD port of hylafax a comment says:
>
> FORBIDDEN= "Security hole (buffer overflow yielding setuid uucp)"
I never remember seeing anything about this on the Hylafax list.
The BSD people did a major survey, a couple of years ago, for buffer
overflows, but even where they did report them to the developers
the reports were often undiplomatic and confusing - I think such a
report would have drawn discussion. (They tended to use a simplistic
rule of declaring that any use of string functions without an explicit
length restriction constituted a buffer overrun, without looking at the
context to see whether parameters were known to be safe at that point.
Crying wolf in some cases is not, however, a cause for complacency.)