Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Quoting David Mandelberg (mandelbergd@eth0.is-a-geek.org):
> Do you mean to say that opening "message.txt\t\t\t.desktop" which
> happens to be a freedesktop.org compliant launcher for the program "rm
> -rf $HOME" is safe because it's designed for people running one of the
> F/OSS products GNOME or KDE on a F/OSS OS?
Please advise this mailing list of which specific Linux or BSD MUA (or
specific configuration thereof) is willing to execute a received binary
or script attachment. I'll very interested to read your specific report
that details an actual, reproducible test.
In anticipation,
Rick M.
Reply to: