Mikhael,
on 1-Jan-2004 You fixed a vulnerability in fvwm-menu-directory.in
that allowed an attacker to execute commands with the rights of
the fvwm user. I have backported it to 2.4.18, but I'm unsure if
the other fvwm-menu* scripts are vulnerable too.
The fvwm_make_{browse,directory]_menu.sh scripts are definitely
vulnerable too. As I don't know how to fix them, should they be
removed?
Ciao
Dominik ^_^ ^_^
--
Visit the official FVWM web page at <URL:http://www.fvwm.org/>.
To unsubscribe from the list, send "unsubscribe fvwm-workers" in the
body of a message to [EMAIL PROTECTED]
To report problems, send mail to [EMAIL PROTECTED]
