Am 09.07.98 schrieb apharris # burrito.onshore.com ... Moin Adam!
APH> You must not understand my terminology. The fact that you are APH> constructing a database out of the metadata, in the current dhelp, APH> means that you are "shadowing", or "keeping another copy" of the APH> metadata itself. I don#t see the problem. My databases include several additional informations. APH> This leads to bugs and problems. It's a fact of APH> software design. Ok, that means that using for example a search program like glimpse or htdig is a bad idea, because these programs build their own databases, too, to speed up the searching. Of course, every program can introduce new bugs and problems. APH> My dream is to have a single fast-access method of accessing metadata APH> that works for *all* display systems, but that might be a pipe dream. I think it#s not possible. All programs have got other needs. APH> > Nonsense, there#s no real bug in dhelp. Please tell me the number of APH> > the bug report. APH> Bug#21361. Is this the symlink problem? This is not a problem caused by dhelp but by the httpd. You can#t access documents that are not in /usr/doc. The httpd shouldn#t follow symlinks. Or is this your bug report? This is a bug and I#ll fix it. APH> If I did a security audit on dhelp, I'm sure I could find APH> a number of overflow conditions and bugs in the system could be APH> triggered by malicious dhelp files. I don#t think so. APH> Since dhelp_parse -r will readily APH> gobble these, and ince root usually runs this, the current situation APH> is a little troubling. /usr/doc shouldn#t be writable by non root users! And a lot of programs have got such overflow problems (sendmail :) ). APH> display system. Again, it's worrying but I don't think we're going to APH> solve it this time around, but you should recognize the flaws. Again, I#m always open for suggestions how to improve dhelp. cu, Marco -- Uni: [EMAIL PROTECTED] Fido: 2:240/5202.15 Mailbox: [EMAIL PROTECTED] http://www.tu-harburg.de/~semb2204/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
