Follow-up Comment #3, bug #29755 (project gnustep):
I think what you did was a great work around, that removes the obvious
security leak. I wouldn't call this a full fix of the problem as it is still
possible to access information the user isn't allowed to access. She can no
longer view this information directly, but if that information follows a
certain pattern it still gets used and may be then available in some way.
(Yes, this is paranoia talking, but security is about the worst case)
In most typical GNUstep setups gdomap is no longer needed, so we may just
need a bit more documentation for distributions about when to install it at
all and maybe then your fix would be sufficient. Otherwise the dropping of the
privileges sounds like the best option.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?29755>
_______________________________________________
Nachricht geschickt von/durch Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-gnustep mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-gnustep
