[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: artswrapper defanged
From: Rik Hemsley <rik () kde ! org>
Date: 2002-07-19 7:51:23
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
#if Matthias Welwarsky
> What you _should_ have done is publish a security advice that tells
> people to remove the suid bit of artswrapper. This has the same
> effect as patching the feature away in the source: None. But it would
> have saved people a lot of breath.
There is already a security advisory, in fact, that's where I heard
about the exploit.
I have not heard that artswrapper has been fixed properly yet. We're
approaching another release. If I hadn't patched artswrapper, would the
next release have gone out with the exploit still open ?
Rik
- --
http://rikkus.info
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9N8T76rehpl6X9l0RAoPhAJ48wIW2tR/ZC91bGVtpaupwSfWqRQCfcLMN
FMs+y6B3BeAU6Cp6IH4tCRE=
=c0rK
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic