Re: FVWM: security problem in fvwm2

From: Austin Donnelly <and1000_at_debian.org>
Date: Thu, 13 Jun 96 12:31 BST

On Wed, 12 Jun 1996, Paul Traina wrote:

> The problem discussed here (originally found in 1.24r) is also in recent
> versions of fvwm2 in the modules that do CPP or M4 processing of .fvwm2rc
> files.

Yes.

I am the Debian fvwm maintainer, and have given some patches to Chuck
to be put into the next release. I did this almost as soon as
fvwm2-2.0.42 was released, and Chuck is aware of the security problem
(it's just that the next beta is still being put together by Chuck).

My original fix for Debian was the less efficient directory creation
based one. This is the one you have decided to comment on. If you
look at the current Debian fvwm and fvwm2 packages, you'll see that
they both use the O_EXCL fix, which is far cleaner.

Much better still would be (as you say) to fork off a subprocess and
use pipes. I may well give Chuck a patch for this at some point.

While you're at it, could you please point the BSD people at the
latest Debian fvwm package? I never thought my nasty directory based
hack would spread this far... :)

Austin
Received on Thu Jun 13 1996 - 06:37:02 BST
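
The O_EXCL fix mentioned in the message, as an added example that is not from the post or from the fvwm or Debian sources. It assumes the problem concerns a preprocessor output file created under a predictable name; the file names and the `run_case` helper are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak form: follows a pre-existing symlink and truncates its target. */
static int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* O_EXCL form: fails with EEXIST if the name exists, symlinks included. */
static int open_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Put a symlink at the output name, call one opener, clean up.
 * Returns the linked-to file's size afterwards (5 = intact, 0 = truncated);
 * *err receives the opener's errno, or 0 if the open succeeded. */
long run_case(int use_excl, int *err) {
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* constructed scratch directory */
    char target[64], out[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/existing", dir);
    snprintf(out, sizeof out, "%s/rc-output", dir);   /* hypothetical name */
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep\n", f);
    fclose(f);
    if (symlink(target, out) != 0) return -1;
    int fd = use_excl ? open_excl(out) : open_weak(out);
    *err = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(out); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int err;
    long weak = run_case(0, &err);
    printf("plain O_CREAT: existing file is %ld bytes\n", weak);
    long excl = run_case(1, &err);
    printf("O_EXCL: existing file is %ld bytes, errno %d\n", excl, err);
    return 0;
}
```

With O_EXCL the caller must treat EEXIST as a hard failure or retry under a different name, never fall back to a plain open.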