[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Bug#14253: kmail html security bug
From: David Faure <david () mandrakesoft ! com>
Date: 2000-11-04 15:31:16
[Download RAW message or body]
On Tuesday 31 October 2000 20:27, Daniel Naber wrote:
> > On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:
>
> > So it is possible to exec programms which needn't arguments. E.g
> > "/sbin/halt" if I work with "root" were big shit.
>
> Nobody is supposed to run KDE as root.
>
> > It was a good thing to disable the HTML-View for default.
>
> It is, or wasn't it for you?
>
> Anyway, thanks for the bug report. I will also increase severity, as it
> should be fixed. See below for how to reproduce (you need the file
> of course. click on the link and it will start.)
>
> To the khtml guys: how can we disable executing local URLs on click?
That's already done. See bool KHTMLPart::checkLinkSecurity(KURL linkURL).
--
David FAURE, david@mandrakesoft.com, faure@kde.org
http://www.mandrakesoft.com/~david/, http://www.konqueror.org/
KDE, Making The Future of Computing Available Today
See http://www.kde.org/kde1-and-kde2.html for how to set up KDE 2
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic