artswrapper defanged
Dirk Mueller
mueller at kde.org
Fri Jul 12 08:55:05 BST 2002
On Thu, 11 Jul 2002, Neil Stevens wrote:
> > of service vulnerability is fixed.
> It's not a vulnerability, it's an intentional feature.
But its implementation is flawed. IMHO artswrapper should ONLY execute
artsd, not an arbitrary command like it is now.
As a normal user I can do artswrapper -a somethingthatuses100percentcpu
and the system is dead, that means there is no chance to change anything or
kill the process.
IMHO it should not start apps that are not installed in dirs where only root
has write permissions, and it should only start something that looks like
artsd, not an arbitrary application.
This together with fixing the format string vulnerabilities should
enhance the security significantly.
--
Dirk (286 mails today)