List:       kde-core-devel
Subject:    Re: artswrapper defanged
From:       Nadeem Hasan <nhasan () nadmm ! com>
Date:       2002-07-19 13:19:21

Quoting Rik Hemsley <rik@kde.org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> #if Matthias Welwarsky
> > What you _should_ have done is publish a security advice that tells
> > people to remove the suid bit of artswrapper. This has the same
> > effect as patching the feature away in the source: None. But it would
> > have saved people a lot of breath.
> 
> There is already a security advisory, in fact, that's where I heard
> about the exploit.
> 
> I have not heard that artswrapper has been fixed properly yet. We're
> approaching another release. If I hadn't patched artswrapper, would the
> next release have gone out with the exploit still open?

To all those who are making noises about Rik's actions:

Did you speak up about a possible solution when the advisory came out?
Do you have a way to fix this hole *the right way*?
Do you intend to fix it *the right way* in the near future?

If your answer is no to all, do something constructive elsewhere.

Thanks,
--
Nadeem Hasan
nhasan@nadmm.com
http://www.nadmm.com/
