Le lundi 06 juin 2005 à 14:28 -0400, Anthony DeRobertis a écrit : > Roberto C. Sanchez wrote: > Ummm, I think you've missed my point. The thread is discussing a GAIM > (instant message client) plugin. So that script is not run by you, it is > run by an arbitrary stranger sending you an instant message, but on your > machine and as you. That's why its a problem. > > Looks like if you installed this package, I could send you an IM and > overwrite an arbitrary file on your machine. > > [This is just judging from the code snippet posted; don't have time to > fully audit the software.] > > Well, you're right. So I think I won't package it. Do I have to do something special with the BTS ? Close the bug ? add a wont-fix tag ?
Cheers, -- Martin Braure de Calignon -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
