Re^8: Debian Metadata Proposal -- draft rev.1.4
Am 09.07.98 schrieb apharris # burrito.onshore.com ...
Moin Adam!
APH> You must not understand my terminology. The fact that you are
APH> constructing a database out of the metadata, in the current dhelp,
APH> means that you are "shadowing", or "keeping another copy" of the
APH> metadata itself.
I don#t see the problem. My databases include several additional
informations.
APH> This leads to bugs and problems. It's a fact of
APH> software design.
Ok, that means that using for example a search program like glimpse or
htdig is a bad idea, because these programs build their own databases,
too, to speed up the searching.
Of course, every program can introduce new bugs and problems.
APH> My dream is to have a single fast-access method of accessing metadata
APH> that works for *all* display systems, but that might be a pipe dream.
I think it#s not possible. All programs have got other needs.
APH> > Nonsense, there#s no real bug in dhelp. Please tell me the number of
APH> > the bug report.
APH> Bug#21361.
Is this the symlink problem? This is not a problem caused by dhelp but by
the httpd. You can#t access documents that are not in /usr/doc. The httpd
shouldn#t follow symlinks.
Or is this your bug report? This is a bug and I#ll fix it.
APH> If I did a security audit on dhelp, I'm sure I could find
APH> a number of overflow conditions and bugs in the system could be
APH> triggered by malicious dhelp files.
I don#t think so.
APH> Since dhelp_parse -r will readily
APH> gobble these, and ince root usually runs this, the current situation
APH> is a little troubling.
/usr/doc shouldn#t be writable by non root users! And a lot of programs
have got such overflow problems (sendmail :) ).
APH> display system. Again, it's worrying but I don't think we're going to
APH> solve it this time around, but you should recognize the flaws.
Again, I#m always open for suggestions how to improve dhelp.
cu, Marco
--
Uni: Budde@tu-harburg.de Fido: 2:240/5202.15
Mailbox: mbudde@hqsys.antar.com http://www.tu-harburg.de/~semb2204/
--
To UNSUBSCRIBE, email to debian-doc-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: