Re: Intent to package Xswallow

To: Martin Read <mpread@chiark.greenend.org.uk>, Debian Development <debian-devel@lists.debian.org>
Subject: Re: Intent to package Xswallow
From: Javier Fdz-Sanguino Pen~a <jfs@ieeesb.etsit.upm.es>
Date: Mon, 4 May 1998 15:51:15 +0200
Message-id: <[🔎] 19980504155115.A2239@ieeesb.etsit.upm.es>
In-reply-to: <[🔎] E0yWM8g-0008Os-00@chiark.greenend.org.uk>; from Martin Read on Mon, May 04, 1998 at 03:22:42PM +0100
References: <[🔎] Pine.LNX.3.96.980504142523.32266A-100000@atlante.ieeesb.etsit.upm.es> <[🔎] E0yWM8g-0008Os-00@chiark.greenend.org.uk>

On Mon, May 04, 1998 at 03:22:42PM +0100, Martin Read wrote:
> Javier Fernandez-Sanguino Pen~a writes:

> This sounds distressingly like a serious security hole - unless it refuses
> requests resembling "xterm -e foo".  It's not quite as bad as "xhost +",
> I'll admit, but it does sound like a major risk nevertheless.
> 
> > 	I have tried it with Netscape 3.0 and 4.0b5 (not with Mozilla yet :( )
> > it can be found as a RedHat package so I intend to use this first for the
> > first release. BTW it is GPL'd.
> 
> Martin

	As a matter of fact I will only launch applications associated with
/etc/mime.types and configured in an installed file (xswallow.conf en /usr/lib/netscape).

	So it *may* be a security hole, but just if you allow it as many other
things :)

	Javi


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Intent to package Xswallow
  - From: Javier Fernandez-Sanguino Pen~a <jfs@ieeesb.etsit.upm.es>
- Intent to package Xswallow
  - From: Martin Read <mpread@chiark.greenend.org.uk>

Prev by Date: Re: Yet another Linux distribution! :-)
Next by Date: Re: Bug#21969: debian-policy: needs clarification about Standards-Version
Previous by thread: Re: Intent to package Xswallow
Next by thread: Re: Intent to package Xswallow
Index(es):
- Date
- Thread