From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 29771 invoked from network); 21 Jan 2009 17:55:11 -0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.5 Received: from news.dotsrc.org (HELO a.mx.sunsite.dk) (130.225.247.88) by ns1.primenet.com.au with SMTP; 21 Jan 2009 17:55:11 -0000 Received-SPF: none (ns1.primenet.com.au: domain at sunsite.dk does not designate permitted sender hosts) Received: (qmail 23397 invoked from network); 21 Jan 2009 17:55:06 -0000 Received: from sunsite.dk (130.225.247.90) by a.mx.sunsite.dk with SMTP; 21 Jan 2009 17:55:06 -0000 Received: (qmail 23617 invoked by alias); 21 Jan 2009 17:54:59 -0000 Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 26399 Received: (qmail 23606 invoked from network); 21 Jan 2009 17:54:59 -0000 Received: from bifrost.dotsrc.org (130.225.254.106) by sunsite.dk with SMTP; 21 Jan 2009 17:54:59 -0000 Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.155]) by bifrost.dotsrc.org (Postfix) with ESMTP id 2935080271F0 for ; Wed, 21 Jan 2009 18:54:54 +0100 (CET) Received: by fg-out-1718.google.com with SMTP id e21so1728560fga.37 for ; Wed, 21 Jan 2009 09:54:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=tNacGkmef6erOzAdfUOwcBdPvcAGZVd/L+0SlSvYbcw=; b=CcYUx2+2s3t0OaF/JrQ5yGGXsPZF0t29jWGtJj8/1h9iwR3F0uQI1bsmNzrIOCL3Gi K0JlNJ+fvVk7A1N+frRv0oz/vyiBAvA+sfjL19AsudCYQmXTL/PtbodccuRI5mrNMlMv HmOoP6OQUTPJ828LKF/skfP0QF+f6T05DRs+A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=F59w2nOHE2OsquqKh9UxTLmH0wv7IyQcGs0312OiP2wtjTUYvfb2lSv2WEEvP9Om1Y 6B/xM09eky5DiDcME4ieBOxUXDorLEBBf//Ir5maMGGb2r5KWztHOP/bjWqbCLHe8i9j IFAx2gPxBeRJwCtBhqak7wXfvwl4c/PrwNOU0= MIME-Version: 1.0 Received: by 10.86.91.12 with SMTP id o12mr1034039fgb.16.1232560494520; Wed, 21 Jan 2009 09:54:54 -0800 (PST) In-Reply-To: <200901211718.n0LHIj0S010726@news01.csr.com> References: <2d460de70901010632q3f2c1156x36a8d1e8a4445dd4@mail.gmail.com> <2d460de70901210854w1c68e79lbf0847b700822eff@mail.gmail.com> <200901211718.n0LHIj0S010726@news01.csr.com> Date: Wed, 21 Jan 2009 18:54:54 +0100 Message-ID: <2d460de70901210954w4d9872aek950cd5dc7e3c3f5e@mail.gmail.com> Subject: Re: Security hole in history handling for root From: Richard Hartmann To: Peter Stephenson Cc: Zsh Workers Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.92.1/8884/Wed Jan 21 14:15:32 2009 on bifrost X-Virus-Status: Clean On Wed, Jan 21, 2009 at 18:18, Peter Stephenson wrote: > If I can be convinced there is something specific in this case, as > opposed to a general security hole that needs much more thinking about, > it can be dealt with, but I haven't seen why yet. In that case, don't bother. As the RC files are checked, I assumed you wanted to get a report for everything which goes in that direction. > (By the way, I realise Bart suggested you repost things, but the net > effect is likely to be that I increase my threshold below which I ignore > things even further. If all these sorts of things are to be tackled we > NEED repeat NEED repeat NEED more people to work on bug fixes.) Would if I could, but I am not firm enough in C to be of any deeper help. sorry. Would it help you or anyone if there was a bug tracker? SF.net offers one or I could set one up, if you want me to. Richard