This is not just a security problem if catdoc is run with "privileges users don't have" --- it's a security problem if you accept any documents from the outside world and then try to read them with catdoc, without first checking them to see if they have buffer-overflow attempts in them. Since, presumably, the usual reason one runs catdoc is that one person created a document with Microsoft products and another person, without Microsoft products available, tries to read that document, this is essentially a constant security hole.

Kragen

--
<kragenat_private> Kragen Sitaker <http://www.pobox.com/~kragen/>
Irony and sarcasm deflate seriousness, and when your seriousness becomes detumescent, you're not held responsible for your thoughts. Irony beats thinking like rock beats scissors.
-- http://www.hyperorg.com/backissues/joho-june2-98.html