Date: 22 Nov 2002 12:22:32 -0500 From: Joe Marcus Clarke <marcus@marcuscom.com> To: "Scott A. Moberly" <smoberly@karamazov.org> Cc: FreeBSD GNOME Users <gnome@freebsd.org>, freebsd-ports@freebsd.org Subject: Re: SOUP Message-ID: <1037985752.326.20.camel@gyros> In-Reply-To: <3476.65.221.169.187.1037985437.squirrel@mail.karamazov.org> References: <44542.65.221.169.187.1037979346.squirrel@mail.karamazov.org> <1037984649.326.1.camel@gyros> <3476.65.221.169.187.1037985437.squirrel@mail.karamazov.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2002-11-22 at 12:17, Scott A. Moberly wrote: > > On Fri, 2002-11-22 at 10:35, Scott A. Moberly wrote: > >> The SOAP library SOUP is now required throughout the gnome structure. > >> Given that gtkhtml requires it in the Makefile, but does not actually > >> require it. Given the inherent security issues raised with SOAP. I > >> was curious if it can be made optional. It could even be in the > >> negative if you prefer; i.e. > > > > Maybe I've been out of it, but what security issues are we talking > > about? Can you site references? > > > > Joe > > > > My main complaint lies simply with arbitrary access to data without the > user (of the process) having direct control. Scary if it moves into root > controlled processes. Other issues involve firewall slipthrough. Many > other reason's can be found... google it with soap and security. I'd like to see some security advisories on this, particularly in relation to the one app known to use Soup: Evolution. So far, you are the only one to raise the issue. Joe -- PGP Key : http://www.marcuscom.com/pgp.asc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-gnome" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1037985752.326.20.camel>