[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: Bug#14253: kmail html security bug
From: Andreas Gungl <Andreas.Gungl () osp-dd ! de>
Date: 2000-11-01 12:29:10
[Download RAW message or body]
Andreas Pour wrote:
>
> Tilo Ulbrich wrote:
> >
> > Am Dienstag, 31. Oktober 2000 21:27 schrieb Daniel Naber:
> >
> > > > On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:
> > > > So it is possible to exec programms which needn't arguments. E.g
> > > > "/sbin/halt" if I work with "root" were big shit.
> > >
> > > Nobody is supposed to run KDE as root.
>
> I truly don't understand this. If that is so, why is there a kfm-su in
> kde 1.1.x? And why is there kdesu? And why are there control modules
> that only work as root?
>
> I understand that users should not run their entire session as root.
> But doesn't root get mail? And how are ex-windowites to read mail w/out
> KMail -- they should learn to use mutt? Why have KMail if you can't use
> it to read mail securely?
>
> I'm sorry, but that answer is a cop-out. KMail will hopefully be fixed
> to not execute scripts; in fact there was a long discussion about this
> some months ago and I thought it had been fixed.
AFAIK the discussion was about executing attachments without any
warning. This is fixed.
All other things have already been said by others. ;-)
Andreas
> [ ... ]
>
> Ciao,
>
> Andreas Pour
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic