artswrapper defanged
Nadeem Hasan
nhasan at nadmm.com
Fri Jul 19 14:19:21 BST 2002
Quoting Rik Hemsley <rik at kde.org>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> #if Matthias Welwarsky
> > What you _should_ have done is publish a security advice that tells
> > people to remove the suid bit of artswrapper. This has the same
> > effect as patching the feature away in the source: None. But it would
> > have saved people a lot of breath.
>
> There is already a security advisory, in fact, that's where I heard
> about the exploit.
>
> I have not heard that artswrapper has been fixed properly yet. We're
> approaching another release. If I hadn't patched artswrapper, would the
> next release have gone out with the exploit still open ?
To all those who are making noises about Rik's actions:
Did you speak up about a possible solution when the advisory came out?
Do you have a way to fix this hole *the right way*?
Do you intend to fix it *the right way* in the near future?
If your answer is no to all, do something constructive elsewhere.
Thanks,
--
Nadeem Hasan
nhasan at nadmm.com
http://www.nadmm.com/
______________________________________________________
This mail sent through http://webmail.nadmm.com/
More information about the kde-core-devel
mailing list