|
From: | Knut Petersen |
Subject: | Re: Security problem: lilypond-invoke-editor |
Date: | Thu, 23 Nov 2017 11:56:01 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 |
Am 23.11.2017 um 10:23 schrieb David Kastrup:
Stupid question: what does run-editor do to be inherently safer than run-browser, and what would prevent run-browser from doing the same?
Your suspicion is correct. Also textedit URIs are vulnerable to a very similar attack. So EVERYBODY should completely disable (delete/rename) lilypond-invoke-editor for now. Knut
[Prev in Thread] | Current Thread | [Next in Thread] |