Paul Crawford <p...@sat.dundee.ac.uk> posted 499d2152.4030...@sat.dundee.ac.uk, excerpted below, on Thu, 19 Feb 2009 09:07:30 +0000:
> I thought about the possible changes to fix this, and it occurred that
> there are two options:
>
> (1) Add the call to UUSetOption (UUOPT_IGNMODE, 1, NULL) somewhere.
>
> (2) Change line 140 of uulib/uulib.c to have:
>
> int uu_ignmode = 1;
>
> (i.e. we make the decoder start-up to safe mode, so anyone wanting POSIX
> has to call UUSetOption to reset the ignore mode).
>
> First solution works best if uulib is a separate entity from Pan and
> users do not want the default behaviour changed, second is better if
> uulib is integrated and/or could be used by anything else where this
> hole in security could be an issue.

The only binary the pan package includes is pan itself, no libraries, so it's using it internally, regardless of the discouragement on using internal libraries due to the security headaches when they have a hole that needs fixed and one has to figure out how many apps have internal versions...

That said, internal or not, keeping the library code as pristine as possible should be a goal, so I'd say option 1, adding the call to UUSetOption (UUOPT_IGNMODE, 1, NULL) somewhere, is the "correct" solution.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman