Hi, José Manuel Santamaría Lema wrote (12 Jan 2013 23:37:41 GMT) : > Just for your information, I tried to do a couple malicious things in the > worst case scenario (i.e. with the unix socket enabled): [...]
Thanks for checking! > I doubt this can be security problem, but if you figure out a way to exploit > it, please just file a bug against virtuoso explaining how you did it I'm not particularly interested in Virtuoso, so I doubt I'll take the time to seriously audit this specific potential source of issues myself. (I still see no good reason to perpetuate such bad security practices that tend to hit you by surprise sooner or later, and requires careful auditing to check version N is not affected, but well. </nitpicking> :) > (note that while your concerns may be reasonable, they > aren't actually related to the fixes intended to be included in > wheezy). Fair enough. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
