On Tue, 2005-25-01 at 10:59 +0100, Frank Lichtenheld wrote:
> On Tue, Jan 25, 2005 at 08:01:00AM +0100, Goswin von Brederlow wrote:
> [...]
> > Both of them, if exploitable, would be bugs in the Xrm or Xpm library
> > respectively.
> >
> > The same argument can probably made against pretty much any X
> > application and X itself. There is a lot of software that just loads
> > in user defined xpm files and such.
>
> The difference is the setgid bit, which AFAICT was the whole point of
> the bug report. If it is removed, most of the issues aren't problematic
> anymore.
The whole discussion was quite interesting, but I am also in favor of
removing the sgid bit. I am currently w/o signed GPG key and on
especially this week on a 14k4 modem that hangs up every few minutes, so
fetching anything over 100kB is problematic. Therefore could somebody
please just remove this sgid in an NMU?
Thanks in advance,
GBP
--
Grzegorz B. Prokopski <[EMAIL PROTECTED]>
SableVM - Free, LGPL'ed Java VM http://sablevm.org
Why SableVM ?!? http://sablevm.org/wiki/Features
Debian GNU/Linux - the Free OS http://www.debian.org
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
