Thijs Kinkhorst wrote:
First, I think it's always a good idea not to enable DEBUG by default.
Sure, it's a mistake, I perfectly understand this.
Second, I don't think that it requires a rewrite of the entire file to fix
it. Using PHP's tempnam() function to get the filenames instead of the
Hi Thomas,
On Tuesday 26 August 2008 08:17, Thomas Goirand wrote:
Thijs Kinkhorst wrote:
First, I think it's always a good idea not to enable DEBUG by default.
Sure, it's a mistake, I perfectly understand this.
Second, I don't think that it requires a rewrite of the entire file to fix
This one time, at band camp, Thijs Kinkhorst said:
Last, would a patch like the attached one do? I'm all but good in
Perl, so I might need help on that one.
That would work indeed if you change the included module (and verify that
that indeed also works, of course).
reopen 496362
thanks
DBTS Done as the mass-opening of symlink attack in /tmp was wrong in this case.
Why wrong?
{
my $ent = shift;
if ($ent->head->mime_type eq 'message/rfc822') {
if ($DEBUG) {
unlink "/tmp/spam.log.$$" if -e "/tmp/spam.log.$$";
Hi,
Done as the mass-opening of symlink attack in /tmp was wrong in this case.
I don't think closing this is the appropriate action. Sure, debug code is not
top priority. But still, the fix is straightforward and puts extra protection
on those running in debug mode. Besides, people tend to
Quoting Thomas Goirand ([EMAIL PROTECTED]):
I'm closing this bug. If you find that it still needs to be fixed, let
me know and reopen the bug.
But then set it to wishlist
This MBF is one of the worst I've ever seen.
Thijs Kinkhorst wrote:
Hi,
Done as the mass-opening of symlink attack in /tmp was wrong in this case.
I don't think closing this is the appropriate action. Sure, debug code is not
top priority. But still, the fix is straightforward and puts extra protection
on those running in debug
Christian Perrier wrote:
Quoting Thomas Goirand ([EMAIL PROTECTED]):
I'm closing this bug. If you find that it still needs to be fixed, let
me know and reopen the bug.
But then set it to wishlist
This MBF is one of the worst I've ever seen.
I'm reopening the issue, as there is a
Thijs Kinkhorst wrote:
Hi,
Done as the mass-opening of symlink attack in /tmp was wrong in this case.
I don't think closing this is the appropriate action. Sure, debug code is not
top priority. But still, the fix is straightforward and puts extra protection
on those running in debug
On Monday 25 August 2008 17:28, Thomas Goirand wrote:
Second, do you guys think that setting the variable to DEBUG=0 by
default, then writing a BIG BIG BIG warning next to it in the code is
enough? Like: WARNING: high security risk here if you set to DEBUG=1,
high risk of symlink attack then
Dmitry E. Oboukhov wrote:
Package: dtc-common
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages
Package: dtc-common
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts with errors