Re: Accepted lynx 2.8.5-2sarge2.2 (source i386)
- To: Thomas Dickey <dickey@radix.net>
- Cc: Guus Sliepen <guus@debian.org>, debian-devel@lists.debian.org, 396964@bugs.debian.org
- Subject: Re: Accepted lynx 2.8.5-2sarge2.2 (source i386)
- From: Florian Weimer <fw@deneb.enyo.de>
- Date: Sat, 02 Dec 2006 16:51:45 +0100
- Message-id: <[🔎] 877ixaz46m.fsf@mid.deneb.enyo.de>
- In-reply-to: <20061130131129.GA4520@saltmine.radix.net> (Thomas Dickey's message of "Thu, 30 Nov 2006 08:11:29 -0500")
- References: <7lKvS-RM-17@gated-at.bofh.it> <20061130114121.GB638@saltmine.radix.net> <20061130114726.GU17457@sliepen.eu.org> <20061130120014.GA24577@saltmine.radix.net> <20061130124631.GR15431@sliepen.eu.org> <20061130131129.GA4520@saltmine.radix.net>
* Thomas Dickey:
> It's a #define. But the change to use the home directory is in the
> wrong place. I'd point out that it doesn't solve the problem, and
> that the program is still subject to the same issue as reported, [...]
This is not correct. Gracious write operations to the home directory
are considered a security problem, but file creation in other
directories does not share this problem. Unless software
automatically interprets certain files in the current directory, which
is a very bad thing to do for that reason.
It seems to me that the patch should be changed to prepend the home
directory if the configured path is not absolute (that is, does not
start with a slash).
Reply to: