Hello,
Some people might have seen the article on Slashdot regarding the security vulnerabilities of certain terminal emulation software, most worryingly Eterm, that allow any files the user has write access for, to be overwritten.
(Slashdot article here: http://slashdot.org/article.pl?sid=03/03/01/2144223&mode=nested&tid=172 , and
original paper here: http://www.digitaldefense.net/labs/papers/Termulation.txt )
Apparently it is fixed in 0.9.2 (!!! - xterm has been fixed since X11R5), but since the Fink package is maintainerless at the moment it is in limbo at 0.9.
Not to say it's completly unimportant, but let's not forget, this will only affect people that are, in order:
1) attacked by somebody using this exploit
2) using eterm
3) viewing their logs with some tools (tail) in eterm, browsing to the part with the exploit
So, while it's clearly possible to exploit, the probability is quite low...
In any case, if nobody wants to update/maintain eterm, I say we just yank it <shrug>
Max
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Fink-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/fink-devel
