[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: kdesu overrides user's PATH with hardcoded path
From:       Oswald Buddenhagen <ossi () kde ! org>
Date:       2008-09-05 6:57:01
Message-ID: 20080905065701.GA19438 () troll08
[Download RAW message or body]

On Thu, Sep 04, 2008 at 03:55:38PM -0700, Michael Howell wrote:
> On Wed, Sep 3, 2008 at 11:40 PM, Oswald Buddenhagen <ossi@kde.org> wrote:
> > *how* is a bad cat supposed to get into ~/bin, huh? why do you want to
> > secure the door of an obviously blown up house?
> >
> Find a security vulnerability in some random application that gives I/O
> access to people on the outside.
> 
do you know how ridiculously improbable it is that you get a security
hole that allows you creating executable files in ~/bin but nothing
else?

> Or trick someone into decompressing a rigged archive.
>
that was already debunked.

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Confusion, chaos, panic - my work here is done.
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]