著者: Rick Moen 日付: To: dng 題目: Re: [DNG] VBScript Injection via GNOME Thumbnailer
Quoting Joachim Fahrner (jf@???):
> That's the point. All these things made by Poettering, Gnome Team,
> Read Hat ... are rubbish monsters, too complex to make them safe.
> They put all things in they can think of. A thumbnailer that depends
> on wine! Unbelievable! That's no good and clean software.
Strictly speaking, I am reasonably sure it doesn't _depend_ on WINE, but
merely use it if it's present.
(I reiterate that the parser bug in /usr/bin/gnome-exe-thumbnailer
is damning, but note that it seems to be harmless in the general case,
and exploitable only on systems that also have WINE installed.)
--
Cheers,
Rick (not a GNOME fan) Moen
rick@???
McQ! (4x80)