* Filip Van Raemdonck <[EMAIL PROTECTED]> [2007-10-23 15:08:15 CEST]:
> I agree that the problem about not being able to run -sotbe is the
> versions that are off.
>
> I disagree that stricter versioning is the end solution.

Not the end solution, but one required anyway because it just won't work this way. Talking with Andreas about the issue made me come up with something that I consider quite a bit stable and useful.

> Consider this: a (malicious?) external party finds a way to reproduce
> and exploit the segfault through a custom scenario (or campaign), and
> starts distributing said exploit.

The segfault only leads to a DoS when wanting to start that specific campaign, and an assertion is nothing that could get exploited to the extent of anything else than that. I've btw. talked to upstream and from what I was told this got fixed in the development branch. It is considered a too minor issue to put efforts into backporting the fix for the stable release, and I have to agree here.

> Unless wesnoth is fixed to handle the issue that causes the segfault
> graciously, like with an error message "oops can't start this scenario
> something's broken with it" you now have a security problem.

Based on what do you call this issue a security problem? Please explain or stop throwing around such statements, thank you very much. I thought about taking a look at the differences between the versions in that file myself, but such strange accusations pretty much eliminate any motivation to go that direction. <http://svn.gna.org/viewcvs/wesnoth/> for a starting point.

So long,
Rhonda