Hi Alyssa,

On Sunday, 28.04.2013, at 12:29 +0200, Alyssa Milburn wrote:
> > Never mind that not caring about input parameter validation is clearly
> > *bad* design in the first place.
>
> Right, I'm certainly not defending that code, and I expect it will get
> promptly fixed. I just mean that I think the idea is that you should be
> very paranoid about who gets access to it in any case.

Sorry if I was a little bit harsh here. I was a little bit shocked
after reviewing the source code.

> I imagine further security reviewing of the BOINC code would be welcome. I
> spent some time reviewing the non-ops code, for example the scheduler:
>
> http://thread.gmane.org/gmane.comp.distributed.boinc.user/3776
> http://thread.gmane.org/gmane.comp.distributed.boinc.user/3741
>
> And someone else found input parameter issues in the non-ops PHP code:
>
> http://thread.gmane.org/gmane.comp.distributed.boinc.user/3658

Thanks for the hint, applied!

Did anyone notify the Debian security team? The wheezy boinc-server
package doesn't seem to include those fixes...

Regards,
Peter
