
List:       kmail-devel
Subject:    Re: Bug#14253: kmail html security bug
From:       Michael Haeckel <Michael () Haeckel ! Net>
Date:       2000-11-01 16:25:46

On Wednesday,  1. November 2000 15:32, Don Sanders wrote:

> Oh, I just checked in a fix for the HEAD branch too. I guess they didn't
> conflict. Perhaps Michael's patch is better; feel free to revert mine.
>
> I regard the problem as a bug but not a security exploit. Still it's a
> serious bug and the person who discovered it did a good job.
>
> I agree with the comments Daniel and George made about running KMail as
> root being a bad idea.

Your patch simply prevents the execution or opening of local files. This is a
good idea since there is no use for that. I guess that is the easier
solution.

My patch would also prevent the case that someone puts an executable file or
shell script on a web server and inserts a link to it in a mail, but I guess
that doesn't work anyway, at least I didn't manage to make it work.
I solved it in the same way as Konqueror does.

I think I can revert my patch then.

Regards,
Michael Häckel
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
