Re: Intent to package: mlddc

To: Anthony Fok <foka@gpu.srv.ualberta.ca>
Cc: debian-devel@lists.debian.org
Subject: Re: Intent to package: mlddc
From: vanco@sonic.net
Date: Sat, 25 Apr 1998 01:06:32 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.3.96.980425010207.664A-100000@spire.dyn.ml.org>
In-reply-to: <[🔎] 19980425034209.D361@lovelife.olvc.ab.ca>

-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 25 Apr 1998, Anthony Fok wrote:

> On Fri, Apr 24, 1998 at 04:03:58PM -0700, vanco@sonic.net wrote:
> 
> It is already packaged by John Hasler <john@dhh.gt.org> in March.  :-)
> 
[snip]
> 
> Nice idea.  :-)  The current mlddc package does nothing like this, i.e., the
> user has to add mlddc to ip-up (and perhaps ip-down?  Nah, too late)
> manually.  Maybe you could discuss with John to see if you could improve the
> package?  :-)
> 
> Welcome to Debian!  :-)
> 

I also found one thing -- mlddc is insecure. That's right, it's subject to
buffer overflow; it uses gets in its source. If john used the provided
binary for the .deb, this is a security hazard.
	I am currently experimenting with the use of a perl module
designed for interface to the monolith NIC -- it uses libwww-perl and
therefore could be extended to use some of monolith's other services --
such as password changes and such.
	Otherwise I could simply hack the mlddc source code and eliminate
the security breach, as the perl client is somewhat slower.

- ---------------------------------------------------------------------------
Aaron Van Couwenberghe -- vanco@sonic.net, aaronvanc@hotmail.com
|---> Debian GNU/Linux: http://www.debian.org  ftp://ftp.debian.org <-----\
|-> Proud competitor in the race for World Domination <-------------------|

Illusion web designs - http://www.sonic.net/~vanco - To be launched by June

PGP KeyID: 41119089	UserID: Aaron Van Couwenberghe <vanco@sonic.net>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a

mQCNAzU9DnIAAAEEAMPBOCQh5zzgJCh7hz7M20bL+gztIn1+ldPNq8AcN7s16XHa
sgWQoK/Yz/15HnClqDATQhqItG4+4SZDW/VywLgDUxfa+WXPqOFGdUv8AODAnWiz
doOI58TajZTV4gyvp2fCH2sjvOOpfZ1AFn1m3Z6kT3c0otbNSfoZ48BBEZCJAAUR
tChBYXJvbiBWYW4gQ291d2VuYmVyZ2hlIDx2YW5jb0Bzb25pYy5uZXQ+iQCVAwUQ
NT0OcvoZ48BBEZCJAQENBQP9G/3B3HHQOYaea6ep1Z+0ZR/BtK3o2bPPdhVFEksT
vwlvDYM01RouZoWZ91ixJVTp5r+ovq/4eFnrVk1IxjK6lEeXtKixrWKuyv3xVBa5
1snIrslc4t6zahBJx6i9OESgK69BDi0MMA8Y5jzz6I38vCZS1cFjwGZvzyINJEaF
+Fg=
=56FS
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNUGZi/oZ48BBEZCJAQEwlAP9ESM7t+rS8qVa49pZtMMiXrQGRFUCsigt
iS/AgPQxFspskZRESq4i5uxThBUm8WcN2l1AzRGug2fXYjUUdCSKMtJ2xCRyGNda
YakNGYA2bHNm8Fo/OHpGsVa++KJJwnt5H7n9lHpheajAZp98zQo2XpBzwVwWTqcM
rm51wGKSgeo=
=PLSI
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Intent to package: mlddc
  - From: Anthony Fok <foka@gpu.srv.ualberta.ca>

Prev by Date: Re: gpm and time after hamm upgrade
Next by Date: Re: Intent to package: mlddc
Previous by thread: Re: Intent to package: mlddc
Next by thread: Re: Intent to package: mlddc
Index(es):
- Date
- Thread