-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Since Sapient is effectivley blocked from using the ml due to a really bad setup by the hotmail guys (okay, they are part of microsoft, but is this enough reason not to follow any standards? cf https://gna.org/support/?1843) I am now forwarding this mail of his. Cheers, Nils Kneuper aka Ivanovic
~ --- Begin Message --- ~ * To: dev-talk <[EMAIL PROTECTED]> ~ * Date: Sat, 15 Mar 2008 23:12:41 +0000 ~ * Importance: Normal ~ * Message-id: <[EMAIL PROTECTED]> ~ * References: <[EMAIL PROTECTED]> ~ I feel like the Emporer's New Clothes here, but am I the only one who doesn't buy the claim that ".." is a security hole? ~ If I have access only to "dir1" then logically I have access to "dir1/dir2/.." but not "dir1/.." ~ Are you saying that this is too complex for a C++ program to determine? ~ Furthermore, there are unexpected situations where you may need to gather resources outside of your encapsulated zone, but still within the scope of your Wesnoth permissions. ~ For example, a Multiplayer map may want to include an (optional) image reference to something in the Son of the Black Eye campaign. Under our current model that can be done, but under your proposal (if I understand it correctly), that option would no longer be allowed unless we force ALL image references to be fully qualified from the Wesnoth root. ~ Finally, if functions and string literals in the C++ cannot be trusted then you have far worse problems on your hands than directory paths containing ".." ~ --- End Message --- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFH3HUUfFda9thizwURAnKHAJ44t+76lVFhbpDRb8Hkkuez2xulrwCdE7Nn ltrOgRNgeGOIiIy4CV4oW6Q= =c1pR -----END PGP SIGNATURE----- _______________________________________________ Wesnoth-dev mailing list [email protected] https://mail.gna.org/listinfo/wesnoth-dev
