* Should use system zlib
* virtuoso-t should be installed in /usr/lib since it doesn't run sanely alone
  in /usr/bin (and lacks a man page)
* Config files (*.cfg) are all out of the local directory. virtuoso-t should
  only be run from a safe location in a user's home directory where no surprise
  settings can be injected.
* libsrc/Wi/bif_files.c should be changed to force all the "if (do_os_calls)"
  checks to fail, regardless of configuration setting. This seems like a
  dangerous ability for it to have.

There is a lot of memory allocation code, but given how far removed from
direct 3rd party data this software will be, I'm relatively comfortable
with that. I would, however, expect that this code will need attention
during the lifetime of Lucid.

If the above 4 points can be addressed (#3 is actually in nepomuk, I
think), this would be okay for main, given that it is a very stripped
down version of virtuoso-opensource.

** Changed in: virtuoso-opensource (Ubuntu)
Importance: Undecided => High
** Changed in: virtuoso-opensource (Ubuntu)
Status: New => Incomplete
** Changed in: virtuoso-opensource (Ubuntu)
Assignee: Kees Cook (kees) => Jonathan Riddell (jr)
--
main inclusion request for virtuoso
https://bugs.launchpad.net/bugs/503774