artswrapper defanged
Rik Hemsley
rik at kde.org
Fri Jul 19 08:51:23 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
#if Matthias Welwarsky
> What you _should_ have done is publish a security advice that tells
> people to remove the suid bit of artswrapper. This has the same
> effect as patching the feature away in the source: None. But it would
> have saved people a lot of breath.
There is already a security advisory, in fact, that's where I heard
about the exploit.
I have not heard that artswrapper has been fixed properly yet. We're
approaching another release. If I hadn't patched artswrapper, would the
next release have gone out with the exploit still open ?
Rik
- --
http://rikkus.info
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE9N8T76rehpl6X9l0RAoPhAJ48wIW2tR/ZC91bGVtpaupwSfWqRQCfcLMN
FMs+y6B3BeAU6Cp6IH4tCRE=
=c0rK
-----END PGP SIGNATURE-----
More information about the kde-core-devel
mailing list