HylaFAX The world's most advanced open source fax server

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hylafax and FreeBSD Ports

> I noticed that in the FreeBSD port of hylafax a comment says:
> FORBIDDEN=      "Security hole (buffer overflow yielding setuid uucp)"

I never remember seeing anything about this on the Hylafax list.

The BSD people did a major survey, a couple of years ago, for buffer
overflows, but enen where they did report them to the developers
the reports were often undiplomatic and confusing - I think such a 
report would have drawn discussion.  (They tended to use a simplistic
rule of declaring any use of string functions without an explicit
length restriction constituted a buffer overrun, without looking at the
context to see whether parameters were known to be safe at that point.
Crying wolf is some cases, is not, however, a cause for complacency.)

Project hosted by iFAX Solutions