On Wed, 13 Sep 2000, Arnd Hanses wrote:
> On 13 Sep 2000 12:42:49 +0200, Jean-Marc Lasgouttes wrote:
>
> >
> >I thought it was only a problem for suid programs... I would not give
> >LyX such special rights, anyway...
>
> What if a talented and qualified intruder would be able to connect the
> functions to a suid program?

How would this even be possible? We are discussing the safety of gettext
calls; the only way this could be a problem is if a) someone made LyX suid
or b) someone used LyX in a suid app.

Both are obviously wrong things to do, and neither is open to a malicious
hacker ...

The only security concerns I can see for LyX are /tmp races if LyX is run
as root, or a privileged user of some sort, and the attachment/macro virus
stuff, which I believe the interested parties are very very aware of ;)

> This only means that one leak has already
> been confirmed, there might exist more potential leaks. OpenBSD, on the
> other hand, is a maximum paranoia system, written for and by insanely
> paranoid sysadmins. ;-)
>

Some of us have had brushes with Theo before ;)

john
--
"For every problem there is one solution which is simple, neat, and wrong."
- H. L. Mencken