artswrapper defanged
Stefan Westerfeld
stefan at space.twc.de
Fri Jul 12 14:53:35 BST 2002
Hi!
On Fri, Jul 12, 2002 at 09:55:05AM +0200, Dirk Mueller wrote:
> On Don, 11 Jul 2002, Neil Stevens wrote:
> > > of service vulnerability is fixed.
> > It's not a vulnerability, it's an intentional feature.
>
> But its implementation is flawed. IMHO artswrapper should ONLY execute
> artsd, not an arbitary command like it is now.
It executes only artsd. This is why there is a define in the Makefile, the
path to artsd gets hardcoded in the artswrapper executable. The problem
with the format string vulnerability was that you could make artsd execute
something else.
But as I pointed out in my other, lengthy mail, fixing this doesn't change
anything with respect to intentional abuse.
Cu... Stefan
--
-* Stefan Westerfeld, stefan at space.twc.de (PGP!), Hamburg/Germany
KDE Developer, project infos at http://space.twc.de/~stefan/kde *-
More information about the kde-multimedia
mailing list