* Al Nikolov <[EMAIL PROTECTED]> [050413 17:36]: > Please consult me. A bad checking of "unexpected" command-line arguments > causing segmentation fault - is that behaviour must be counted as a > grave/normal/minor bug?
I'd suggest: - bad checking -> minor or normal, depending what "unexpected" means. - same causing segfault -> normal (segfaults are never minor in my eyes) - causing segfault in a way that could be exploitable and the arguments are normaly supplied by something the user has no control over (like it may be normal your browser calls it with arguments coming from the net in a way to provoke this) -> grave and tag it security. - causing segfault in a way that could be exploitable and the arguments are not from the same user/group the program is running as. (Like a suid/sgid-binary, being normaly called from a cgi with the arguments coming from the net [I hope nothing does so stupid things, as it is hard to do so without additional holes] in a way to trigger this and so on -> critical and tag in security Hochachtungsvoll, Bernhard R. Link -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
