Comments
some insecurities...
by v9 - Jan 22nd 2002 01:24:19
there are many potential buffer overflows in this
program, in almost every function that takes
input. while those do not really matter, since it's
for a "workstation" and not set*id anything.
there is the way it attempts to print data(locally
via lpr/etc):
...
strcat(print_command, " /tmp/gwcc_out.txt");
if (system(print_command) == -1) {
...
which gets directed to that (static) file, with no
checking. meaning any user could forge(link) that
filename and make it redirect the input elsewhere
-- potentially compromising other users.
other than that, pretty gtk gui, looks nice with
my theme :)
-- vade79 -> v9@fakehalo.deadpig.org ->
fakehalo.deadpig.org.
Re: some insecurities...
by Brent Ely - Jan 22nd 2002 23:08:05
Hi,
Yes, you are correct about the print method being
a vulnerability, it is also not thread-safe. This
and other misc issues should be cleaned up in the
1.0 release (and people ask me why it's not 1.0
yet.. :-)
Thanks for taking the time to report this issue -
I will open a bug # on the GWCC sourceforge.net
page.
..Brent
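
Added example, not GWCC code and not part of either post above: one way to close the fixed `/tmp/gwcc_out.txt` spool-file issue discussed in this thread, assuming a POSIX system. The function names (`spool_open`, `fixed_open_excl`, `selfcheck`) and the scratch paths are hypothetical; the self-check runs only inside a private directory it creates.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened replacement for a fixed spool name: mkstemp() picks an
 * unpredictable name and creates it exclusively, owner-only, so a link
 * planted in advance by another user is never followed. */
int spool_open(const char *dir, char *path, size_t len)
{
    int n = snprintf(path, len, "%s/gwcc_out.XXXXXX", dir);
    if (n < 0 || (size_t)n >= len)
        return -1;                      /* path would be truncated */
    return mkstemp(path);
}

/* If a fixed name must be kept, O_EXCL|O_NOFOLLOW makes open() fail
 * when anything, including a symlink, already exists at that path. */
int fixed_open_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario in a private scratch dir; returns 0 if all hold. */
int selfcheck(void)
{
    char dir[] = "/tmp/gwcc_demo.XXXXXX", fixed[64], other[64], tmp[64];
    struct stat st;
    int fd, rc = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(fixed, sizeof fixed, "%s/gwcc_out.txt", dir);
    snprintf(other, sizeof other, "%s/other_user_file", dir);
    if (symlink(other, fixed) != 0) rc |= 8;   /* link already in place */

    fd = fixed_open_excl(fixed);
    if (fd != -1) { rc |= 1; close(fd); }      /* open must be refused */
    if (access(other, F_OK) == 0) rc |= 2;     /* link target untouched */

    fd = spool_open(dir, tmp, sizeof tmp);
    if (fd == -1 || fstat(fd, &st) != 0 || (st.st_mode & 0077) != 0)
        rc |= 4;                               /* no group/other access */
    if (fd != -1) { close(fd); unlink(tmp); }
    unlink(fixed); unlink(other); rmdir(dir);
    return rc;
}
```

The descriptor returned by `spool_open` can be written to and then handed to the print command, with the file unlinked once printing is done.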
Wish: make available in non-rpm source?
by fire-eyes - Jun 20th 2001 20:48:58
I believe I would not be alone stating that it would be handy to have a
non-rpm source, say a tar.gz and a tar.bz2 sourceballs. Thanks!
-- [EOF]
Re: Wish: make available in non-rpm source?
by Brent Ely - Jun 20th 2001 21:13:13
Hi, you must have beat the sourceforge mirror by
mere minutes! The tar.gz file is available as of
now... Thanks!