From owner-doc-jp@jp.freebsd.org  Sat Sep 23 17:30:15 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id RAA94270;
	Sat, 23 Sep 2000 17:30:15 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from sv01.geocities.co.jp (sv01.geocities.co.jp [210.153.89.155])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id RAA94265
	for <doc-jp@jp.freebsd.org>; Sat, 23 Sep 2000 17:30:15 +0900 (JST)
	(envelope-from hrs@geocities.co.jp)
Received: from mail.geocities.co.jp (mail.geocities.co.jp [210.153.89.137]) by sv01.geocities.co.jp (8.9.3+3.2W/3.7W) with ESMTP id RAA03212 for <doc-jp@jp.freebsd.org>; Sat, 23 Sep 2000 17:30:14 +0900 (JST)
Received: from mail.hrs.jp (p0190-ip01funabasi.chiba.ocn.ne.jp [211.123.225.190]) by mail.geocities.co.jp (1.3G-GeocitiesJ-3.3) with ESMTP id RAA28747 for <doc-jp@jp.freebsd.org>; Sat, 23 Sep 2000 17:30:08 +0900 (JST)
Message-Id: <200009230830.RAA28747@mail.geocities.co.jp>
Received: from localhost (alph.hrs.jp [192.168.0.10])
	by mail.hrs.jp (8.9.3/3.7W/DomainMaster) with ESMTP id RAA82317
	for <doc-jp@jp.freebsd.org>; Sat, 23 Sep 2000 17:29:30 +0900 (JST)
	(envelope-from hrs@hrs.jp)
In-Reply-To: <87k8c31tt5.wl@jazz.wakabaya.net>
References: <200009212329.IAA27790@mail.geocities.co.jp>
	<200009212336.IAA01352@mail.geocities.co.jp>
	<87k8c31tt5.wl@jazz.wakabaya.net>
	<87r96b1vei.wl@jazz.wakabaya.net>
	<87lmwj1u3d.wl@jazz.wakabaya.net>
	<87og1f1uol.wl@jazz.wakabaya.net>
To: doc-jp@jp.freebsd.org
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Sat_Sep_23_17:16:16_2000_809)--"
Content-Transfer-Encoding: 7bit
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Date: Sat, 23 Sep 2000 17:29:29 +0900
From: Hiroki Sato <hrs@geocities.co.jp>
X-Dispatcher: imput version 20000228(IM140)
Lines: 912
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7724
Subject: [doc-jp 7724] Re: ANNOUNCE: FreeBSD Ports Security Advisory
 00:46,47,48,49,50,51
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@geocities.co.jp

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 46 $B$+$i(B 51 $B$N=$@5HG$G$9!#(B
 $BFC$KLdBj$,$J$1$l$P(B 09/24 $B$"$?$j$KN.$7$^$9!#(B

 $B=$@52U=j$O0J2<$N$H$*$j!#(B

[00:47]

susumu@wakabaya.net ($B<cNS(B $B?J(B) wrote
 in <87lmwj1u3d.wl@jazz.wakabaya.net>:

> $B$3$N@a$NLuJ8$,H4$1$F$$$k$h$&$J(B. 

 $BC1$J$kLu$7K:$l$G$7$?(B :-p
 $B$=$N$^$^D:$-$^$9!#(B

 # The FreeBSD port of pine4 $B$^$GFI$s$@$H$3$m$G!"(B
 # is not installed by default.. $B$NDj7?J8$H;W$C$?$N$+$b!E!E(B

 $B$^$?!"(B

 Remote users can cause pine4 to crash when closing a mail folder by
 sending a malformed email.
-$BIT@5$JEE;R%a!<%k$rAw$k$3$H$G(B, $B%j%b!<%H%f!<%6$O(B
-$B%a!<%k%U%)%k%@$rJD$8$k;~$K(B pine4 $B$r%/%i%C%7%e$5$;$k$3$H$,2DG=$G$9(B.
+$BIT@5$JEE;R%a!<%k$rAw$k$3$H$G(B, $B%j%b!<%H%f!<%6$O(B
+$B%m!<%+%k$N(B pine4 $B$r%m!<%+%k%f!<%6$,%a!<%k%U%)%k%@$rJD$8$k;~$K(B
+$B%/%i%C%7%e$5$;$k$3$H$,2DG=$G$9(B.

 $B$H$7$^$7$?!#(B

[00:48]

susumu@wakabaya.net ($B<cNS(B $B?J(B) wrote
 in <87og1f1uol.wl@jazz.wakabaya.net>:

> -$B%j%b!<%H$N(B IRC $B%f!<%6$O(B, $BIT@5$J(B URL $B$r1&%/%j%C%/$7$F8F$S=P$9;~$K(B
> -$B%m!<%+%k%f!<%68"8B$GG$0U$N%3%^%s%I$r<B9T$9$k$3$H$,2DG=$G$9(B.
> +$B%j%b!<%H$N(B IRC $B%f!<%6$O(B, $B%m!<%+%k%f!<%6$,IT@5$J(B URL $B$r1&%/%j%C%/$7$F(B
> +$B8F$S=P$9;~$K(B, $B$=$N%f!<%6$N8"8B$GG$0U$N%3%^%s%I$r<B9T$9$k$3$H$,2DG=$G$9(B.

 $B$3$N=$@5$K2C$($F!"G0$N$?$a$K:G8e$N9T$r(B

 -$B$=$N%f!<%6$N8"8B$G(B
 +$B$=$N%m!<%+%k%f!<%6$N8"8B$G(B 

 $B$H$7$^$7$?!#(B

> H> 2) $B8E$$(B ($BLuCm(B: xchat-devel $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
> 
> ($BLuCm(B: xchat $B$b$7$/$O(B xchat-devel $B$N(B)

 $B$3$l$b=$@5$7$^$7$?!#(B

[00:51]

 susumu@wakabaya.net ($B<cNS(B $B?J(B) wrote
 in <87r96b1vei.wl@jazz.wakabaya.net>:

> -$B%m!<%+%k$G0-MQ2DG=$J%P%C%U%!%*!<%P%U%m!<LdBj$,$$$/$D$+4^$^$l$F$$$^$9(B.
> +$B%m!<%+%k$G0-MQ2DG=$J%;%-%e%j%F%#>e$N<eE@$,$$$/$D$+4^$^$l$F$$$^$9(B.

 $B$3$NItJ,$O$=$N$^$^=$@5$7$^$7$?!#(B


--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@geocities.co.jp>
|
|                                sato@sekine00.ee.noda.sut.ac.jp(UNIV)
|                                     hrs@FreeBSD.org(FreeBSD Project)

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="00:46"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:46.screen [UPDATED]
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 20 Sep 2000 14:21:37 -0700 (PDT)
  Message-Id: <20000920212137.34F0F37B42C@hub.freebsd.org>
  X-Sequence: announce-jp 543

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirrors-ftp.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirrors-ftp.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:46                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	screen port contains local root compromise

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	screen
$B9pCNF|(B:		2000-09-13
$B2~D{F|(B:  	2000-09-20
$B1F6AHO0O(B:	$B=$@5F|A0$N(B Ports Collection
$B=$@5F|(B:		2000-09-01
$B%/%l%8%C%H(B:	Jouko Pynnen <jouko@SOLUTIONS.FI>
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

screen $B$O(B, $BJ#?t$N%W%m%;%94V$GJ*M}C<Kv$r@Z$jBX$($k$?$a$N(B
$B?M5$$N$"$k%"%W%j%1!<%7%g%s$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

screen port $B$N%P!<%8%g%s(B 3.9.5 $B$*$h$S$=$l0JA0$N$b$N$K$O(B,
$B%m!<%+%k%f!<%6$,(B root $B8"8B$r<j$KF~$l$k$3$H$,2DG=$K$J$k$h$&$J(B
$B%;%-%e%j%F%#>e$N<eE@$,B8:_$7$^$9(B.  $B$3$l$O@_Dj%Q%i%a!<%?$K(B
$B=q<0;XDjJ8;zNs$rA^F~$9$k$3$H$G<B8=$5$l$^$9(B.
$B$=$NJ8;zNs$NA^F~$K$h$C$F(B, $BG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$G$9(B.

screen $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
$B$=$l$i$O(B 3800 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.1 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B).  $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

$B%m!<%+%k%f!<%6$,(B root $B8"8B$rF@$k$3$H$,2DG=$G$9(B.

screen $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

screen $B%W%m%0%i%`$+$i(B setuid $B%S%C%H$r<h$j=|$$$F$/$@$5$$(B.
$B$=$N$?$a$K$O(B root $B8"8B$G0J2<$N%3%^%s%I$r<B9T$7$^$9(B.

chmod 555 /usr/local/bin/screen-3.9.5

$B$?$@$7(B, $B$3$l$O0l;~E*$J=hCV$@$H9M$($k$Y$-$G$9(B.  $B$^$?(B, $B$3$l$K$h$j(B
screen $B%W%m%0%i%`$NF0:n$,1F6A$r<u$1$k2DG=@-$,$"$j$^$9(B.

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, screen $B$N(B port $B$r:F9=C[$7$^$9(B.

$BCm0U(B: $B?7$7$$(B package $B$r%$%s%9%H!<%k$9$kA0$K(B, $BI,$:(B pkg_delete $B$r;H$C$F(B
$B8E$$(B package $B$r:o=|$7$F$/$@$5$$(B.  $B8E$$(B package $B$r:o=|$7$J$$$H(B,
$B%;%-%e%j%F%#>e$N<eE@$H$J$k(B setuid $B$5$l$?%P%$%J%j$,%7%9%F%`>e$K;D$C$F$7$^$&(B
$B2DG=@-$,$"$j$^$9(B.  $B8E$$(B package $B$,%7%9%F%`$K;D$C$F$$$k$+$I$&$+D4$Y$k$K$O(B,
$B0J2<$N%3%^%s%I$r<B9T$7$^$9(B.

ls -d /var/db/pkg/screen-*

$B$=$7$FI=<($5$l$k3F%(%s%H%j$KBP1~$9$k%G%#%l%/%H%jL>$r;XDj$7$F(B
($B$?$H$($P(B pkg_delete screen-3.9.5 $B$N$h$&$K(B) pkg_delete $B$r<B9T$7$^$9(B.
$B0l$D0J>e$N(B package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B
$B7Y9p%a%C%;!<%8$,I=<($5$l$^$9$,(B, $B$=$l$i$OL5;k$7$F(B, $B<!$K(B
$B:G?7HG$N(B screen port $B$N:F9=C[$r9T$J$C$F$/$@$5$$(B.

2) $B8E$$(B ($BLuCm(B: screen $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/screen-3.9.8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/misc/screen-3.9.8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/misc/screen-3.9.8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/misc/screen-3.9.8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/misc/screen-3.9.8.tgz

$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

3) screen port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

VI.  $B2~D{MzNr(B

v1.0  2000-09-13  $B=iHG8x3+(B
v1.1  2000-09-20  port $B$N:F9=C[$r9T$J$&A0$K(B, $B8E$$(B package $B$N:o=|$r(B
                  $B3NG'$9$k$h$&;X<($9$kCm0U=q$-$rDI2C(B.

$hrs: FreeBSD-SA/00:46,v 1.4 2000/09/23 08:14:54 hrs Exp $

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="00:47"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:47.pine
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 13 Sep 2000 13:33:43 -0700 (PDT)
  Message-Id: <20000913203343.E73D837B43C@hub.freebsd.org>
  X-Sequence: announce-jp 536

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirrors-ftp.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirrors-ftp.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:47                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	pine4 port allows denial of service

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	pine4
$B9pCNF|(B:		2000-09-13
$B1F6AHO0O(B:	Ports Collection
$B=$@5F|(B:		2000-07-17
$B%/%l%8%C%H(B:	Juhapekka Tolvanen <juhtolv@ST.JYU.FI>
$B%Y%s%@$NBP1~(B:	$BO"Mm:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

pine $B$O?M5$$N$"$kEE;R%a!<%k%f!<%6%(!<%8%'%s%H$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

pine4 port $B$N%P!<%8%g%s(B 4.21 $B$*$h$S$=$l0JA0$N$b$N$K$O(B,
$BIT@5$J(B X-Keywords $B%X%C%@$r;}$DEE;R%a!<%k%a%C%;!<%8$r4^$s$@%U%)%k%@$r(B
$B=hM}$9$k:]$K(B, $B%W%m%0%i%`$,%/%i%C%7%e$9$k2DG=@-$N$"$k%P%0$,4^$^$l$F$$$^$9(B.
$B$=$N860x$H$J$k%a%C%;!<%8<+BN$O(B, $B$=$l$HJ,$+$l$P(B pine $B$+$i:o=|$9$k$3$H$,(B
$B2DG=$G$9$,(B, $B$=$N%a%C%;!<%8$,;D$C$F$$$k%U%)%k%@$rJD$8$k$J$I$N(B
$BB>$NA`:n$r9T$J$&$H(B pine $B$,860xITL@$N%/%i%C%7%e$r5/$3$7(B,
$B%a!<%k%\%C%/%9$X$NJQ99$OL58z$K$J$j$^$9(B.

FreeBSD $B$N(B pine4 $B$N(B port $B$O(B, mailbox $B$r=hM}$9$k$?$a$K;H$o$l$k(B c-client
$B%i%$%V%i%j$N99?7$5$l$?%P!<%8%g%s$r;H$&$h$&$K(B, 2000-07-17 $B$KJQ99$5$l$^$7$?(B. 
$B$3$N%i%$%V%i%j$K$OK\7o$N%P%0$OF~$C$F$*$i$:(B, $B$3$l$r;H$C$F:n$i$l$?(B pine4
($B$9$J$o$A=$@5F|0J9_$N(B ports $B$d(B packages) $B$O$3$N%;%-%e%j%F%#>e$N<eE@$O(B
$B;}$C$F$$$^$;$s(B.

pine4 $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B. $B$=$l$i$O(B
3800 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.1 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.
 
FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

$BIT@5$JEE;R%a!<%k$rAw$k$3$H$G(B, $B%j%b!<%H%f!<%6$O(B
$B%m!<%+%k$N(B pine4 $B$r%m!<%+%k%f!<%6$,%a!<%k%U%)%k%@$rJD$8$k;~$K(B
$B%/%i%C%7%e$5$;$k$3$H$,2DG=$G$9(B.
 
pine4 $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

pine4 $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B. 

procmail (FreeBSD Ports Collection $B$N(B /usr/ports/mail/procmail $B$K$"$j$^$9(B)
$B$N$h$&$J%a!<%k%U%#%k%?%j%s%0%f!<%F%#%j%F%#$r;H$C$F(B
$BIT@5$J(B X-Keywords $B%X%C%@$r;}$DE~Ce%a!<%k$rGS=|$9$k$3$H$,(B
$B2DG=$+$bCN$l$^$;$s$,(B, $B$=$N2sHrJ}K!$K$D$$$F$O$3$3$G$O=R$Y$F$$$^$;$s(B.

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, pine4 $B$N(B port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: pine4 $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21.tgz

$BCm0U(B: $B%=%U%H%&%'%"$N%P!<%8%g%sHV9f$OJQ99$5$l$F$$$^$;$s$N$G(B,
      package $B%U%!%$%k$N:n@.F|;~$,9g$C$F$$$k$+3NG'$9$k$h$&$K$7$F$/$@$5$$(B.

3) pine4 port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

   [$BLuCm(B] $B86J8$G$O(B "listmanager" $B$H$J$C$F$$$^$9$,(B, $B8m5-$@$H;W$o$l$^$9(B.

http://www.freebsd.org/ports/

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

$hrs: FreeBSD-SA/00:47,v 1.3 2000/09/23 08:14:54 hrs Exp $

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="00:48"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:48.xchat
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 13 Sep 2000 13:34:34 -0700 (PDT)
  Message-Id: <20000913203434.C464137B43C@hub.freebsd.org>
  X-Sequence: announce-jp 537

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirrors-ftp.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirrors-ftp.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:48                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	xchat port inappropriately handles URLs

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	xchat, xchat-devel
$B9pCNF|(B:		2000-09-13
$B1F6AHO0O(B:	Ports Collection
$B=$@5F|(B:		2000-08-27
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

xchat $B$O?M5$$N$"$k%0%i%U%#%C%/;X8~$N(B IRC $B%/%i%$%"%s%H$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

xchat IRC $B%/%i%$%"%s%H$K$O(B, IRC $B%&%#%s%I%&$KI=<($5$l$?(B URL $B$r(B
$B1&%/%j%C%/$7$F(B, $B$=$N(B URL $B$r%&%'%V%V%i%&%6$K8F$S=P$95!G=$,$"$j$^$9(B.
$B$7$+$7(B, $B%P!<%8%g%s(B 1.4.3 $B$h$jA0$N$b$N(B, $B3+H/HG$N(B 1.5 $B7ONs$G$O(B
$B%P!<%8%g%s(B 1.5.7 $B$h$jA0$N$b$N$G$O$3$N5!G=$N=hM}$,E,@Z$G$J$$$?$a(B,
$B0-0U$N$"$k(B IRC $B%f!<%6$,(B URL $B$K%3%^%s%I$rKd$a9~$`$3$H$G(B,
$B>e$G=R$Y$?$h$&$K(B URL $B$,%V%i%&%6$K!V8F$S=P$5$l$k!W;~$K(B
$B$=$N%m!<%+%k%f!<%6$N8"8B$GG$0U$N%3%^%s%I$r<B9T$G$-$k2DG=@-$,$"$j$^$9(B.

xchat $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B. $B$=$l$i$O(B
3800 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.0 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.
 
FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

$B%j%b!<%H$N(B IRC $B%f!<%6$O(B, $B%m!<%+%k%f!<%6$,IT@5$J(B URL $B$r(B
$B1&%/%j%C%/$7$F8F$S=P$9;~$K(B, $B$=$N%m!<%+%k%f!<%68"8B$G(B
$BG$0U$N%3%^%s%I$r<B9T$9$k$3$H$,2DG=$G$9(B.

xchat $B$b$7$/$O(B xchat-devel $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

` ($B%P%C%/%/%)!<%H(B) $B$r4^$`(B URL $B$r8F$S=P$5$J$$$h$&$K$7$F$/$@$5$$(B.

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, xchat $B$b$7$/$O(B xchat-devel $B$N(B
   port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: xchat $B$b$7$/$O(B xchat-devel $B$N(B) package $B$r(B
   $B%7%9%F%`$+$i:o=|$7(B,  $B=$@5F|0J9_$K:n@.$5$l$??7$7$$(B package $B$r(B
   $B0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/xchat-1.4.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/xchat-1.4.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/xchat-1.4.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/xchat-1.4.3.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/xchat-1.4.3.tgz

3) xchat port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

$hrs: FreeBSD-SA/00:48,v 1.3 2000/09/23 08:14:54 hrs Exp $

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="00:49"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:49.eject
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 13 Sep 2000 13:34:57 -0700 (PDT)
  Message-Id: <20000913203457.E4D9137B69F@hub.freebsd.org>
  X-Sequence: announce-jp 538

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirrors-ftp.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirrors-ftp.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:49                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	eject port allows local root exploit

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	eject
$B9pCNF|(B:		2000-09-13
$B1F6AHO0O(B:	Ports Collection
$B=$@5F|(B:		2000-08-21
$B%/%l%8%C%H(B:	$BFbIt%;%-%e%j%F%#4F::Cf$KH/8+(B
$B%Y%s%@$NBP1~(B:	$BO"Mm:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

eject $B$O(B CD $B$d8w%G%#%9%/%I%i%$%V$NCf$K$"$k%a%G%#%"$r(B
$B<h$j=P$9$?$a$N%f!<%F%#%j%F%#$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

eject $B%W%m%0%i%`$O(B root $B%f!<%6$G(B setuid $B$5$l$F%$%s%9%H!<%k$5$l$^$9$,(B,
$B$3$N%W%m%0%i%`$K$O%m!<%+%k%f!<%6$,%*!<%P%U%m!<$r0z$-5/$3$;$k$h$&$J(B
$B%P%C%U%!$,$$$/$D$+;H$o$l$F$$$^$9(B. $B$3$l$i$O(B, root $B8"8B$rC%$&$?$a$K(B
$B0-MQ$9$k$3$H$,2DG=$G$9(B.

eject $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B. $B$=$l$i$O(B
3800 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.1 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.
 
FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

$B9b$$8"8B$r;}$?$J$$%f!<%6$,%m!<%+%k%7%9%F%`>e$G(B root $B8"8B$r(B
$BF@$k$3$H$,2DG=$G$9(B.

eject $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

eject $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B
$B$=$l$r%7%9%F%`$+$i:o=|$9$k$+(B, $B$"$k$$$O(B /usr/local/sbin/eject $B%U%!%$%k$N(B
$B5v2DB0@-$r@)8B(B ($B$?$H$($P(B setuid $BB0@-$r<h$j=|$/(B, $B<B9T$r?.Mj$G$-$k%0%k!<%W$K(B
$B8BDj$9$k$J$I(B) $B$7$F$/$@$5$$(B.

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, eject $B$N(B port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: eject $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz

$BCm0U(B: $B%=%U%H%&%'%"$N%P!<%8%g%sHV9f$OJQ99$5$l$F$$$^$;$s$N$G(B,
      package $B%U%!%$%k$N:n@.F|;~$,9g$C$F$$$k$+3NG'$9$k$h$&$K$7$F$/$@$5$$(B.

3) eject port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

$hrs: FreeBSD-SA/00:49,v 1.2 2000/09/23 08:14:54 hrs Exp $

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="00:50"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:50.listmanager
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 13 Sep 2000 13:35:45 -0700 (PDT)
  Message-Id: <20000913203545.063E137B660@hub.freebsd.org>
  X-Sequence: announce-jp 539

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirrors-ftp.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirrors-ftp.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:50                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	listmanager port allows local root compromise

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	listmanager
$B9pCNF|(B:		2000-09-13
$B1F6AHO0O(B:	Ports Collection
$B=$@5F|(B:		2000-09-08
$B%/%l%8%C%H(B:	$BFbIt%;%-%e%j%F%#4F::Cf$KH/8+(B
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

listmanager $B$O%a!<%j%s%0%j%9%H4IM}%=%U%H%&%'%"$N0l$D$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

listmanager port $B$N%P!<%8%g%s(B 2.105.1 $B$h$jA0$N$b$N$K$O(B,
$B%m!<%+%k$G0-MQ2DG=$J%P%C%U%!%*!<%P%U%m!<LdBj$,$$$/$D$+4^$^$l$F$$$^$9(B.
$B$3$l$O(B root $B8"8B$rF@$k$?$a$KMxMQ$G$-$k2DG=@-$,$"$j$^$9(B.

listmanager $B$O%=!<%9%3!<%I$,8x3+$5$l$F$$$J$$$?$a(B, $BB>$K(B
$B%;%-%e%j%F%#>e$N<eE@$,;D$C$F$$$k$+$I$&$+$d(B, $B$3$N%=%U%H%&%'%"$,(B
$B2a5n$K%j%b!<%H$+$i0-MQ2DG=$J<eE@$r;}$C$F$$$?$+$I$&$+$r(B
$B$O$C$-$j$5$;$k$3$H$O:$Fq$G$9(B. $B$7$+$7(B, $B$3$N%=%U%H%&%'%"$N:n<T$O(B
$B@?0U$r;}$C$F%3!<%I$N%;%-%e%j%F%#2~A1$K<h$jAH$s$G$$$k$H(B, $B$o$?$7$?$A$O(B
$B9M$($F$$$^$9(B.

listmanager $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B. $B$=$l$i$O(B
3800 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.1 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.
 
FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B). $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

$B9b$$8"8B$r;}$?$J$$%f!<%6$,%m!<%+%k%7%9%F%`>e$G(B root $B8"8B$r(B
$BF@$k$3$H$,2DG=$G$9(B.

listmanager $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

listmanager $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B. 

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, listmanager $B$N(B port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: listmanager $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/listmanager-2.105.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/listmanager-2.105.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/listmanager-2.105.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/listmanager-2.105.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/listmanager-2.105.1.tgz

$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

3) listmanager port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

$hrs: FreeBSD-SA/00:50,v 1.2 2000/09/23 08:14:54 hrs Exp $

----Next_Part(Sat_Sep_23_17:16:16_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="00:51"

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:51.mailman
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Wed, 13 Sep 2000 13:36:17 -0700 (PDT)
  Message-Id: <20000913203617.7D4D137B6B7@hub.freebsd.org>
  X-Sequence: announce-jp 540

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirrors-ftp.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirrors-ftp.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:51                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	mailman port allows local root compromise

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	mailman
$B9pCNF|(B:		2000-09-13
$B1F6AHO0O(B:	Ports Collection
$B=$@5F|(B:		2000-08-05
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

mailman $B$O%a!<%j%s%0%j%9%H4IM}%=%U%H%&%'%"$N0l$D$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

mailman port $B$N%P!<%8%g%s(B 2.0b5 $B$h$jA0$N$b$N$K$O(B,
$B%m!<%+%k$G0-MQ2DG=$J%;%-%e%j%F%#>e$N<eE@$,$$$/$D$+4^$^$l$F$$$^$9(B.
$B$3$l$O(B root $B8"8B$rF@$k$?$a$KMxMQ$G$-$k2DG=@-$,$"$j$^$9(B.

mailman $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
$B$=$l$i$O(B 3800 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.1 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B).  $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

$B9b$$8"8B$r;}$?$J$$%f!<%6$,%m!<%+%k%7%9%F%`>e$G(B root $B8"8B$r(B
$BF@$k$3$H$,2DG=$G$9(B.

mailman $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B,
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

mailman $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B. 

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, mailman $B$N(B port $B$r:F9=C[$7$^$9(B.

2) $B8E$$(B ($BLuCm(B: mailman $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/mailman-2.0b5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mailman-2.0b5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/mailman-2.0b5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mailman-2.0b5.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/mailman-2.0b5.tgz

$BCm0U(B: $B=$@5HG$N(B package $B$,MxMQ$G$-$k$h$&$K$J$k$^$G?tF|$+$+$k2DG=@-$,$"$j$^$9(B.

3) mailman port $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
   $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

$hrs: FreeBSD-SA/00:51,v 1.3 2000/09/23 08:14:54 hrs Exp $

----Next_Part(Sat_Sep_23_17:16:16_2000_809)----
