KDE 3.1: delayed

Waldo Bastian bastian at kde.org
Fri Dec 6 00:27:12 GMT 2002


On Friday 06 December 2002 01:07, Charles Samuels wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 05 December 2002 3:44, Dirk Mueller wrote:
> > On November 26th, we've been notified by FozZy from the "Hackademy
> > Audit Project" about security problems in KDE.
>
> I'd like to know, out of curiosity's sake, what this problem actually is.
> Unless there's reason to believe that if you divulge it, people would take
> advantage of it, that is.

The idea is that you must properly quote program arguments before passing them 
to a shell if you want to rule out the possibility that they are being 
interpreted as shell commands themselves.

Cheers,
Waldo
-- 
bastian at kde.org -=|[ SuSE, The Linux Desktop Experts ]|=- bastian at suse.com
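
The quoting rule described in the reply above, shown as an added example that is not part of the original post and is not KDE code. It assumes a POSIX `/bin/sh`; the helper names `shell_quote` and `run_shell` and the sample file name are hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Quote one argument for a POSIX shell: wrap it in single quotes and
// rewrite each embedded ' as '\'' (close quote, escaped quote, reopen).
// Inside single quotes the shell interprets nothing, so ; $ ` | & stay literal.
std::string shell_quote(const std::string &arg) {
    std::string out = "'";
    for (char c : arg) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    out += "'";
    return out;
}

// Run a command line through /bin/sh (popen does this) and return its stdout.
std::string run_shell(const std::string &cmdline) {
    std::string result;
    FILE *p = popen(cmdline.c_str(), "r");
    if (!p) return result;
    char buf[256];
    std::size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) result.append(buf, n);
    pclose(p);
    return result;
}

// Constructed sample: an argument (e.g. a file name) containing a shell metacharacter.
const std::string kSample = "a.txt; echo INJECTED";

// Unquoted: the shell splits at ';' and runs the second part as its own command.
std::string unquoted_result() { return run_shell("printf '%s' " + kSample); }

// Quoted: the whole string reaches printf as a single argument.
std::string quoted_result() { return run_shell("printf '%s' " + shell_quote(kSample)); }

int main() {
    std::printf("unquoted: [%s]\n", unquoted_result().c_str());
    std::printf("quoted:   [%s]\n", quoted_result().c_str());
    return 0;
}
```

Where the program does not need shell features, passing the argument vector directly to an exec-style call avoids the shell and the quoting problem altogether.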




