On Saturday 25 April 2009 at 13:34 -0400, Michael S. Gilbert wrote:
> On Sat, 25 Apr 2009 01:15:11 +0000 Debian Bug Tracking System wrote:
> > This is an automatic notification regarding your Bug report
> > which was filed against the nautilus package:
> >
> > #515104: nautilus: potential exploits via application launchers
>
> awesome! any chance of backporting this to lenny (and perhaps etch), or
> are the changes too substantial?

The changes are already substantial compared to nautilus 2.24, but 2.20 in lenny is a quite different codebase (GIO vs. GnomeVFS). I presume it would be a lot of work to do the porting, but it is probably feasible, maybe by extending the existing patches that check for .desktop files safety.

It may be simpler to cater for the most obvious attack vector, by making epiphany and iceweasel refuse to store files with names ending in .desktop.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'   “I recommend you to learn English in hope that you in
  `-     future understand things”  -- Jörg Schilling