Comments for GNOME Workstation Command Center

22 Jan 2002 23:08 sfbrent

Re: some insecurities...

Hi,

Yes, you are correct about the print method being
a vulnerability, it is also not thread-safe. This
and other misc issues should be cleaned up in the
1.0 release (and people ask me why it's not 1.0
yet.. :-)

Thanks for taking the time to report this issue -
i will open a bug # on the GWCC sourceforge.net
page.

..Brent

22 Jan 2002 01:24 v9

some insecurities...
there are many potential buffer overflows in this
program, in almost every function that takes
input. while those do not really matter, since its
for a "workstation" and not set*id anything.
there is the way it attempts to print data(locally
via lpr/etc):
...
strcat(print_command, " /tmp/gwcc_out.txt");
if (system(print_command) == -1) {
...
which gets directed to that (static) file, with no
checking. meaning any user could forge(link) that
filename and make it redirect the input elsewhere
-- potentially compromising other users.

other than that, pretty gtk gui, looks nice with
my theme :)

20 Jun 2001 21:13 sfbrent

Re: Wish: make available in non-rpm source?
Hi, you must have beat the sourceforge mirror by
mere minutes! The tar.gz file is available as of
now... Thanks!

20 Jun 2001 20:48 fireeyes

Wish: make available in non-rpm source?
I belive I would not be alone stating that it would be handy to have a non-rpm source, say a tar.gz and a tar.bz2 sourceballs. Thanks!

Screenshot

Project Spotlight

ReciJournal

An open, cross-platform journaling program.

Screenshot

Project Spotlight

Veusz

A scientific plotting package.