[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: Bug#14253: kmail html security bug
From: Andreas Pour <pour () mieterra ! com>
Date: 2000-11-01 18:44:26
[Download RAW message or body]
Daniel Naber wrote:
>
> On Wednesday 01 November 2000 11:33, Andreas Pour wrote:
>
> > I'm sorry, but that answer is a cop-out. KMail will hopefully be fixed
> > to not execute scripts; in fact there was a long discussion about this
> > some months ago and I thought it had been fixed.
>
> What do you expect us to do? Have a complete security audit to make sure
> it can safely be used as root?
Hmm, that would be great, and certainly would avoid KMail being lumped
together with Out.Exp. in some not-so-flattering categories, but at
least when security bug reports like this come in they should be fixed.
> Other people failed to do so for apps that
> are much less complex. What I want to say is: If you're using KMail as
> root, that's your problem and not mine.
Here I was naively thinking that KDE was supposed to be an environment
that would be suitable for non-techhies and was supposed to open Linux
to people like our parents, secretaries, lawyers and other people who
don't know the difference between root and non-root (since in Windows
everyone is root). Guess I was wrong, and classes in Unix system
administration/security are required.
Ciao,
Andreas Pour
http://www.kde.com/ : Everything KDE
http://apps.kde.com/: The Latest in KDE Applications
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic