Loading ...
Sorry, an error occurred while loading the content.

Re: feedkeys() allowed in sandbox

Expand Messages
  • John Beckett
    ... I actually agree that it is extremely unlikely that a length check would make modelines more secure, but I m being argumentative because it s irritating to
    Message 1 of 25 , May 4, 2007
    • 0 Attachment
      Ciaran McCreesh wrote:
      > 100 bytes is more than enough room to download and execute
      > a file that contains the real malicious code.

      I actually agree that it is extremely unlikely that a length
      check would make modelines more secure, but I'm being
      argumentative because it's irritating to be authoritatively
      assured that a length check would have no benefit in the future.

      We just don't know whether some future vulnerability (perhaps
      using a currently-unknown new feature) might be avoided with a
      modeline length check.

      John
    Your message has been successfully submitted and would be delivered to recipients shortly.