From kde-core-devel Mon Feb 23 01:58:45 2009
From: Michael Pyne
Date: Mon, 23 Feb 2009 01:58:45 +0000
To: kde-core-devel
Subject: Re: .desktop security changes are committed
Message-Id: <200902222058.48989.mpyne () purinchu ! net>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123535438928998

On Sunday 22 February 2009, John Tapsell wrote:
> 2009/2/22 Michael Pyne <BALEETED>:
> > "This will start the program '%s'. If you are unsure of the origin, click
> > Cancel."
>
> Could you try to sanitize %s somewhat? Strip out ' and " characters,
> cut it to 10 or so characters etc. Try to make it difficult for
> social engineering through the program name.


Sure, shouldn't be too hard.


Regards,
- Michael Pyne
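
The sanitizing requested in the quoted message, written out as an added example; it is not code from this thread or from KDE. The names sanitizeProgramName and maxChars are hypothetical, std::string stands in for QString so the block builds without Qt, and it goes slightly beyond the request by also dropping control characters and malformed UTF-8 bytes.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper, not KDE's code: prepares a name taken from a .desktop
// file for the '%s' slot of the confirmation dialog. Input is assumed UTF-8.
std::string sanitizeProgramName(const std::string &raw, std::size_t maxChars = 10)
{
    std::string out;
    std::size_t kept = 0;
    for (std::size_t i = 0; i < raw.size();) {
        const unsigned char c = static_cast<unsigned char>(raw[i]);
        // Byte length of the UTF-8 sequence that starts at c (0 = invalid lead byte).
        const std::size_t len = c < 0x80 ? 1 : (c >> 5) == 0x06 ? 2
                              : (c >> 4) == 0x0E ? 3 : (c >> 3) == 0x1E ? 4 : 0;
        bool valid = len != 0 && i + len <= raw.size();
        for (std::size_t k = 1; valid && k < len; ++k)
            valid = (static_cast<unsigned char>(raw[i + k]) & 0xC0) == 0x80;
        if (!valid) { ++i; continue; }          // drop malformed bytes one at a time
        // Quotes would break out of the '%s' quoting; control characters
        // (newline, tab, ESC, DEL) could reshape the dialog text.
        const bool drop = len == 1 && (c == '\'' || c == '"' || c < 0x20 || c == 0x7F);
        if (!drop) {
            if (kept == maxChars)               // more visible text than allowed
                return out + "...";
            out.append(raw, i, len);            // copy whole characters, never half of one
            ++kept;
        }
        i += len;
    }
    return out;
}

int main()
{
    // Constructed sample names, not taken from any real .desktop file.
    std::cout << sanitizeProgramName("Konsole") << '\n';
    std::cout << sanitizeProgramName("Updater'\n\nTrusted by KDE") << '\n';
    return 0;
}
```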
