bug-gnustep

[bug #29755] gdomap information disclosure vulnerabilities


From: Fred Kiefer
Subject: [bug #29755] gdomap information disclosure vulnerabilities
Date: Wed, 05 May 2010 08:47:24 +0000
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9

Follow-up Comment #3, bug #29755 (project gnustep):

I think what you did was a great workaround that removes the obvious
security leak. I wouldn't call this a full fix of the problem as it is still
possible to access information the user isn't allowed to access. She can no
longer view this information directly, but if that information follows a
certain pattern it still gets used and may then be available in some way.
(Yes, this is paranoia talking, but security is about the worst case)

In most typical GNUstep setups gdomap is no longer needed, so we may just
need a bit more documentation for distributions about when to install it at
all and maybe then your fix would be sufficient. Otherwise the dropping of the
privileges sounds like the best option.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?29755>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/




