On Wed, 13 Sep 2000, Carlos A M dos Santos wrote:
> On Wed, 13 Sep 2000, John Levon wrote:
>
> > On Wed, 13 Sep 2000, Arnd Hanses wrote:
> >
> > How would this even be possible ? We are discussing the safety of gettext
> > calls, the only way this could be a problem is if a) someone made LyX suid
> > or b) someone used LyX in a suid app
>
> Or c) user root using LyX.
how does a malicious user insert dangerous environment variables into
root's environment ? I can't see this is an issue. Of course, it's bad
practice to run things as run as root unless necessary anyway.
> But remember that security also means
> protecting user privacity.
>
of course
>
> The /tmp races could be avoided by creating a temporary directory, say
> ~/.lyx/tmp and using it instead of /tmp. I personally dislike the use of a
> globally writable directory and consider this one of the main flaws in
> most of the UNIX utilities.
>
yes, well Juergen has already answered this one ;)
john
--
"...except Alan Cox, but he's actually not human, but about
a thousand gnomes working in under-ground caves in Swansea."
- Linus Torvalds