[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: artswrapper defanged
From: Nadeem Hasan <nhasan () nadmm ! com>
Date: 2002-07-19 13:19:21
[Download RAW message or body]
Quoting Rik Hemsley <rik@kde.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> #if Matthias Welwarsky
> > What you _should_ have done is publish a security advice that tells
> > people to remove the suid bit of artswrapper. This has the same
> > effect as patching the feature away in the source: None. But it would
> > have saved people a lot of breath.
>
> There is already a security advisory, in fact, that's where I heard
> about the exploit.
>
> I have not heard that artswrapper has been fixed properly yet. We're
> approaching another release. If I hadn't patched artswrapper, would the
> next release have gone out with the exploit still open ?
To all those who are making noises about Rik's actions:
Did you speak up about a possible solution when the advisory came out?
Do you have a way to fix this hole *the right way*?
Do you intend to fix it *the right way* in the near future?
If your answer is no to all, do something constructive elsewhere.
Thanks,
--
Nadeem Hasan
nhasan@nadmm.com
http://www.nadmm.com/
______________________________________________________
This mail sent through http://webmail.nadmm.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic