Re: keynote DSO
On Mon, 17 May 2004 rm@fabula.de wrote:
>
> ... _unless_ there's actually _is_ a user 'ben' on the box and he has
> a tweaked version of keynote ....
>
> > where it finds the proper headers.
>
> What headers? Doesn't '-L' set the library search path. I'd consider this
> a security thread. A smart intruder might place his version of libkeynote
> into '/home/ben/work/KeyNote' and hell breaks lose.
>
> Just my 0.02$
>
Thanks but how things are working now the attackers can try to do as much
as they want, but i seriously doubt they will succeed to do as good as
upstream (see #237763) ;).
Fabio
--
<user> fajita: step one
<fajita> Whatever the problem, step one is always to look in the error log.
<user> fajita: step two
<fajita> When in danger or in doubt, step two is to scream and shout.
Reply to: