From owner-freebsd-ports Fri Nov 22 9:22:47 2002 Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1CD937B401; Fri, 22 Nov 2002 09:22:45 -0800 (PST) Received: from creme-brulee.marcuscom.com (rdu57-17-158.nc.rr.com [66.57.17.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id 048B443E4A; Fri, 22 Nov 2002 09:22:45 -0800 (PST) (envelope-from marcus@marcuscom.com) Received: from [10.2.1.4] (vpn-client-4.marcuscom.com [10.2.1.4]) by creme-brulee.marcuscom.com (8.12.6/8.12.6) with ESMTP id gAMHLA4U092615; Fri, 22 Nov 2002 12:21:11 -0500 (EST) (envelope-from marcus@marcuscom.com) Subject: Re: SOUP From: Joe Marcus Clarke To: "Scott A. Moberly" Cc: FreeBSD GNOME Users , freebsd-ports@freebsd.org In-Reply-To: <3476.65.221.169.187.1037985437.squirrel@mail.karamazov.org> References: <44542.65.221.169.187.1037979346.squirrel@mail.karamazov.org> <1037984649.326.1.camel@gyros> <3476.65.221.169.187.1037985437.squirrel@mail.karamazov.org> Content-Type: text/plain Organization: MarcusCom, Inc. Message-Id: <1037985752.326.20.camel@gyros> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.0 Date: 22 Nov 2002 12:22:32 -0500 Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-3.2 required=5.0 tests=AWL,IN_REP_TO,NOSPAM_INC,QUOTED_EMAIL_TEXT,REFERENCES, SPAM_PHRASE_00_01 version=2.43 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 2002-11-22 at 12:17, Scott A. Moberly wrote: > > On Fri, 2002-11-22 at 10:35, Scott A. Moberly wrote: > >> The SOAP library SOUP is now required throughout the gnome structure. > >> Given that gtkhtml requires it in the Makefile, but does not actually > >> require it. Given the inherent security issues raised with SOAP. I > >> was curious if it can be made optional. It could even be in the > >> negative if you prefer; i.e. > > > > Maybe I've been out of it, but what security issues are we talking > > about? Can you site references? > > > > Joe > > > > My main complaint lies simply with arbitrary access to data without the > user (of the process) having direct control. Scary if it moves into root > controlled processes. Other issues involve firewall slipthrough. Many > other reason's can be found... google it with soap and security. I'd like to see some security advisories on this, particularly in relation to the one app known to use Soup: Evolution. So far, you are the only one to raise the issue. Joe -- PGP Key : http://www.marcuscom.com/pgp.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message