[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: artswrapper defanged
From:       Rik Hemsley <rik () kde ! org>
Date:       2002-07-19 7:51:23
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

#if Matthias Welwarsky
> What you _should_ have done is publish a security advice that tells
> people to remove the suid bit of artswrapper. This has the same
> effect as patching the feature away in the source: None. But it would
> have saved people a lot of breath.

There is already a security advisory, in fact, that's where I heard
about the exploit.

I have not heard that artswrapper has been fixed properly yet. We're
approaching another release. If I hadn't patched artswrapper, would the
next release have gone out with the exploit still open ?

Rik

- -- 
http://rikkus.info
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9N8T76rehpl6X9l0RAoPhAJ48wIW2tR/ZC91bGVtpaupwSfWqRQCfcLMN
FMs+y6B3BeAU6Cp6IH4tCRE=
=c0rK
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]