Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

Modulok modulok at gmail.com
Fri Dec 14 17:28:51 PST 2007


On 12/14/07, Ted Mittelstaedt <tedm at toybox.placo.com> wrote:
>
> This happens from time to time with the FreeBSD ports system, and
> there isn't any way to avoid it.  Most open source software
> today is written to depend on other open source software
> packages.  People don't like spending programming time
> reinventing the wheel.  As a result you have a large dependency
> list which has deep roots as the dependent programs themselves
> have even more dependencies.  If just one single program in
> that mess gets updated it will affect entire trees and many
> other programs.
>

<rant>
Which is ever so irritating...

In 40 years of lessons learned from the school of hard knocks in
relation to the design and evolution of both programming languages and
the software designs they implement, one truth has emerged: data
hiding increases the robustness of a program. Functions hide data,
classes hide data, namespaces hide data, the very concept of scope
hides data. Yet, when we pull back and look at a slightly larger
picture of the interactions of programs themselves, we fall short of
carrying this idea through to a higher level. Package X depends on
package Y, but package Y depends on package Z, but package Z cannot be
installed because of a name conflict with package W. Update program X
and you could break what appears to be an unrelated program J. Tough
luck.

Code re-use is a good thing. Intricate, far-reaching dependencies are
not. While package managers attempt to mitigate the underlying issue,
using code re-use as an excuse for the fragility of a system design
is unfortunate. I do not pretend to have all of the answers, but I
feel that the current state of things could be much improved.
</rant>

That said, I think the volunteers, such as the package maintainers,
are doing an excellent job within the confines of the system they are
bound to.

Sorry if this is off topic in relation to the samba issue, but one of
the replies hit a sore spot of mine. I had to spill a few lines of my
own.
-Modulok-

