Re: Security problem: lilypond-invoke-editor

lilypond-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security problem: lilypond-invoke-editor

From:	Knut Petersen
Subject:	Re: Security problem: lilypond-invoke-editor
Date:	Thu, 23 Nov 2017 11:56:01 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0

Am 23.11.2017 um 10:23 schrieb David Kastrup:

Stupid question: what does run-editor do to be inherently safer than
run-browser, and what would prevent run-browser from doing the same?


Your suspicion is correct. Also textedit URIs are vulnerable to a very similar 
attack.

So EVERYBODY should completely disable (delete/rename) lilypond-invoke-editor 
for now.

Knut

[Prev in Thread]

Current Thread

[Next in Thread]

Security problem: lilypond-invoke-editor, Knut Petersen, 2017/11/23
- Re: Security problem: lilypond-invoke-editor, David Kastrup, 2017/11/23
  - Re: Security problem: lilypond-invoke-editor, J Martin Rushton, 2017/11/23
    - Re: Security problem: lilypond-invoke-editor, David Wright, 2017/11/23
  - Re: Security problem: lilypond-invoke-editor, Knut Petersen <=
    - Re: Security problem: lilypond-invoke-editor, David Kastrup, 2017/11/23
    - Re: Security problem: lilypond-invoke-editor, Stanton Sanderson, 2017/11/23
    - Re: Security problem: lilypond-invoke-editor, Knut Petersen, 2017/11/23
- Re: Security problem: lilypond-invoke-editor, Blöchl Bernhard, 2017/11/23

Prev by Date: Re: Security problem: lilypond-invoke-editor
Next by Date: Re: Security problem: lilypond-invoke-editor
Previous by thread: Re: Security problem: lilypond-invoke-editor
Next by thread: Re: Security problem: lilypond-invoke-editor
Index(es):
- Date
- Thread