So sprach Miguel de Icaza am Mon, May 28, 2001 at 06:57:23PM -0400:
With package packed as rpm, you can look what it contains.
People do not `review' rpm packages, let alone review the scripts they
execute. You are just as vulnerable.
True. But you at least have the option. Not so
On 24 May 2001 10:19:56 -0400, Eric Mitchell wrote:
However, you could rig up an LD_PRELOAD shared library to handle
some useful system calls (open, unlink, etc.) and even go so far
as to ask for confirmation before doing anything suspicious
(opening files outside current directory,
You can also send an e-mail saying `please drag the /bin directory
into the trashcan and everything will work just fine'.
But that message won't forward a copy of itself to everyone in your
addressbook and in your corporate LDAP server.
Why are you even bothering to try to argue about this?!
I still don't see the utility in adding hacks into evolution to
special-case this. Will the same happen with application/x-rpm? And
application/x-scripting-language? I still maintain that having the user
have to manually set the execute bit will at least force them to
actually have to
On Thu, 24 May 2001 13:29:43 -0700
Ben Ford [EMAIL PROTECTED] wrote:
Dan Winship wrote:
Why are you even bothering to try to argue about this?! It's not like
this is unexplored territory and no one knows what will happen if we
try. You are proposing to give Evolution *exactly* the
So sprach Christopher James Lahey am Thu, May 24, 2001 at 06:06:49AM -0400:
That doesn't work either because then if you switch languages, you lose
all your data. Well, it's in a directory that's harder to find which
amounts to the same thing.
Uh? Why do you lose data? I proposed that
On 24 May 2001 17:16:44 +0200, Zak McGregor wrote:
On Thu, 24 May 2001 15:40:01 +0200
Alexander Skwar [EMAIL PROTECTED] wrote:
So sprach Tuomas Kuosmanen am Thu, May 24, 2001 at 04:06:51PM +0300:
Softlinks are not fun on the shell:
Exactly.
However, surely the locations need to
So sprach Tuomas Kuosmanen am Thu, May 24, 2001 at 08:46:37PM +0300:
However, surely the locations need to be accessible from any app and not
just from those that use gconf?
Yep, the folder would be in your homedir in any case. Or somewhere you
changet it yourself (if there is some
I just thought of something. Maybe we should have a property in the
mime-type that describes whether this mime-type is safe to be launched
or not. So we can manually tag things that might introduce a security
risk.
I like that idea. Perhaps we could have something like a Desktop
So sprach Zak McGregor am Thu, May 24, 2001 at 01:40:02PM +0200:
Softlinks perhaps? Removing old softlinks for languages no longer used
Something just came up my mind - how often does the average user change the
language, anyway? Sure, some people are multilingual, but every person has
a
So sprach Tuomas Kuosmanen am Thu, May 24, 2001 at 02:10:35PM +0300:
This is Not Good(tm) since you might have something else using those
files as well. Like a script, or they might be open in some application
when you change it.
Hmm, true.
On my windows box I have both C:\Program Files and
On Tuesday, May 22, 2001, at 08:52 PM, Miguel de Icaza wrote:
You should be able to mock up your idea by adding a simple application
that
is registered as the handler for elf/a.out files which does what you
described.
Ok, I have implemented this. I am just waiting for approval to
So sprach Christian Rose am Wed, May 23, 2001 at 05:27:51PM +0200:
I think that a big security warning would be appropriate when
double-clicking a binary without execute permission set, though. This
Dunno, but for some reason I'd think that people might just ignore this
warning. People might
There are several IRC clients that can do auto-dcc, and some default
the dcc-save directory to your homedir. This is stupid.
And I am sure there are users who dont understand DCC and what
it is once we get more novice users to GNOME. So DCC send a .desktop
file
what if someone distributes a malicious elf/a.out binary as
foo-1.5-2.i386.rpm the user will open the file with gmc/nautilus and
instead of telling the user no viewer capable of opening this file (or
whatever it says when someone runs a binary w/o the execute bit) it will
set the execute
15 matches
Mail list logo