|
From: | David Kastrup |
Subject: | Re: Security problem: lilypond-invoke-editor |
Date: | Thu, 23 Nov 2017 13:42:02 +0100 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux) |
Knut Petersen <address@hidden> writes: > Am 23.11.2017 um 10:23 schrieb David Kastrup: >> Stupid question: what does run-editor do to be inherently safer than >> run-browser, and what would prevent run-browser from doing the same? > > Your suspicion is correct. Also textedit URIs are vulnerable to a very > similar attack. It was more a hope than a suspicion: I had hoped that both could easily be made equivalently safe rather than equivalently unsafe. -- David Kastrup
[Prev in Thread] | Current Thread | [Next in Thread] |