Hi,
while I agree that running yiff with lesser privileges is desirable
I can't see a RC security problem in this case. You can't crash
a system be reading from /dev, /proc or /sys, even reading from raw
hard disk devices doesn't cause harm. If you know such a scenario
please describe it, otherwise this bug should be downgraded to
"normal".
>From your description yiff does sanity checks, whether a file it has
opened is really a sound file, so I don't even see an acoustic DoS
attack here :-)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
