Re: Intent to package Xswallow
--On Mon, May 4, 1998 3:22 pm +0100 "Martin Read"
<mpread@chiark.greenend.org.uk> wrote:
> Javier Fernandez-Sanguino Pen~a writes:
>> Xswallow is a plugin for Netscape that allows ANY X-based application
>> tu run inside Netscape. This allows you to run a VRML browser
(vrwave,vrweb..) or
>> a midi application inside Netscape without having to expressely save to
disk
>> and then run it aside. It works with <EMBED> tags and /etc/mime.types.
>
> This sounds distressingly like a serious security hole - unless it refuses
> requests resembling "xterm -e foo". It's not quite as bad as "xhost +",
> I'll admit, but it does sound like a major risk nevertheless.
I assume the point is that it will only execute applications listed in
/etc/mailcap, which is fine.
He didn't provide a URL, so I can't check..
Jules
/----------------+-------------------------------+---------------------\
| Jelibean aka | jules@jellybean.co.uk | 6 Evelyn Rd |
| Jules aka | | Richmond, Surrey |
| Julian Bean | jmlb2@hermes.cam.ac.uk | TW9 2TF *UK* |
+----------------+-------------------------------+---------------------+
| War doesn't demonstrate who's right... just who's left. |
| When privacy is outlawed... only the outlaws have privacy. |
\----------------------------------------------------------------------/
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: