List:       kde-devel
Subject:    Re: Bug#14253: kmail html security bug
From:       David Faure <david () mandrakesoft ! com>
Date:       2000-11-04 15:31:16

On Tuesday 31 October 2000 20:27, Daniel Naber wrote:

> > On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:
> 
> > So it is possible to exec programs which needn't arguments. E.g.
> > "/sbin/halt" if I work with "root" were big shit.
> 
> Nobody is supposed to run KDE as root.
> 
> > It was a good thing to disable the HTML-View for default.
> 
> It is, or wasn't it for you?
> 
> Anyway, thanks for the bug report. I will also increase severity, as it 
> should be fixed. See below for how to reproduce (you need the file
> of course. Click on the link and it will start.)
> 
> To the khtml guys: how can we disable executing local URLs on click?

That's already done. See bool KHTMLPart::checkLinkSecurity(KURL linkURL).

-- 
David FAURE, david@mandrakesoft.com, faure@kde.org
http://www.mandrakesoft.com/~david/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today
See http://www.kde.org/kde1-and-kde2.html for how to set up KDE 2

