On Mon, Jun 06, 2005 at 08:45:11PM +0200, Martin Braure de Calignon wrote:
> On Monday 06 June 2005 at 14:28 -0400, Anthony DeRobertis wrote:
> > Roberto C. Sanchez wrote:
> > Ummm, I think you've missed my point. The thread is discussing a GAIM
> > (instant message client) plugin. So that script is not run by you, it is
> > run by an arbitrary stranger sending you an instant message, but on your
> > machine and as you. That's why it's a problem.
> >
> > Looks like if you installed this package, I could send you an IM and
> > overwrite an arbitrary file on your machine.
> >
> > [This is just judging from the code snippet posted; don't have time to
> > fully audit the software.]
> >
> >
> Well, you're right.
> So I think I won't package it. Do I have to do something special with
> the BTS ? Close the bug ? add a wont-fix tag ?

Make a version which generates the image on the sending side?

--
Daniel Jacobowitz
CodeSourcery, LLC