Re: [htdig] Compile errors of FreeBSD 3.3


Subject: Re: [htdig] Compile errors of FreeBSD 3.3
From: Geoff Hutchison (ghutchis@wso.williams.edu)
Date: Mon Jan 24 2000 - 20:14:00 PST


On Mon, 24 Jan 2000, Doug Barton wrote:

> > /usr/lib/libc.so: warning: this program uses gets(), which is unsafe.
>
> Use of gets() _is_ unsafe, but not the end of the world. When was the
> last time anyone did a security audit of the htdig source? Or is that
> part of the 3.2 series already?

It's been a while, and I don't know of any effort to do such in the 3.2
code. Since I don't think any of the active developers consider themselves
experts on doing code audits, this would be appreciated. Even better would
be an audit and a list of tips (or a URL) for the website at
dev.htdig.org.

> Fortunately the upgrade to this port is easy. I did the last
> modifications to the port, and Bill (the maintainer) was kind enough to

I've been a bit curious about this for some time--can we get the
modifications for the port? It seems like with some autoconf work, we can
merge them in. (I'm trying to keep the number of branches down if
possible.)

-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/




This archive was generated by hypermail 2b28 : Mon Jan 24 2000 - 20:15:01 PST