-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tags 417789 -security
thanks

> I tagged this bug as grave+security because it can be used to make
> elinks load any corrupted file, and possibly execute arbitrary code.

How? Those are only strings. Nothing is executed from po/mo/gmo files.

> Imagine an evil user placing some specially crafted files in
> "/tmp/po/".  Then, another user (root for example) runs elinks from a
> directory "/tmp/foo/", and thus loads the bad file(s).

If they are loaded, that doesn't mean they are executed.

I won't deny that the relative path thingie leads to a segfault (I
haven't tested), but the security tag doesn't seem justified.

- --
Regards,
EddyP
=============================================
"Imagination is more important than knowledge" A.Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGE9qzY8Chqv3NRNoRAgS4AJ9QhbdIeovqdFZlmKqVhDREcxhGkQCfeZi1
Ru7qVfge1S0ofWGjCwj8fwc=
=bLEZ
-----END PGP SIGNATURE-----

