[sldev] source release and security questions
Duffy Langdon
tleiades at hotmail.com
Wed Jan 10 06:05:07 PST 2007
I have just done a quick check of the code, and have found the following:

/indra/newview/llinventorymodel.cpp: system(buffer);
is actually commented out, i.e. the code is never compiled nor executed.

/indra/newview/llstartup.cpp: system(update_exe_path.c_str());
is executed under Darwin, but the code on first inspection seems to be safe. It probably should be checked by someone more experienced in the code, but first impression is that it is harmless.

/indra/newview/viewer.cpp: system(command_str.c_str());
is executed under Darwin; the code - on first inspection - looks even more innocent than the first one.

My impression from reading the blog and the examples he found is that he has not made any effort to understand the code, but is making some unfounded or - at least - ill-founded judgements about the source code, without inspecting it.

Open source is a two-edged sword: it means everybody can look for vulnerabilities, both the whitehatters and the blackhatters :-)

The source code I have examined appears to be well written, especially considering the age and the number of people who have been involved. But this is really based only on a cursory examination, and not an in-depth analysis.

----- Original Message -----
From: "Gismo C." <gismo at igor.franken.de>
To: <sldev at lists.secondlife.com>
Sent: Wednesday, January 10, 2007 3:32 PM
Subject: [sldev] source release and security questions
> Hello there,
>
> first thanks a lot for the Code release. This is much more interesting
> than a blackbox on my System.
>
> There were some questions about the open source Client concerning security
> of the Grid.
>
> I think like in every newly released Open Source Project, there will be a
> first wave with many fixes and enhancements.
>
> One already started to post about some interesting bits:
> http://blog.fefe.de/?ts=bb5cad1f
>
> It is in German, but you can have a look at the Code parts and you will
> probably know what he means.
>
> Thanks for this Project,
> Gismo
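
The triage done by hand in the reply above (is each system() call commented out, compiled out, or live behind a platform guard?) can be scripted for a first pass over a C++ tree. This is an added example, not part of the original thread or the Second Life source; the sample source and the PLATFORM_DARWIN macro name are constructed for illustration.

```python
import re

CALL = re.compile(r'\bsystem\s*\(')

def strip_comments(line, in_block):
    """Return (code part of line, still inside a /* */ comment).
    Limitation: '//' or '/*' inside string literals is treated as a comment."""
    out, i = [], 0
    while i < len(line):
        if in_block:
            end = line.find('*/', i)
            if end < 0:
                return ''.join(out), True
            i, in_block = end + 2, False
        elif line.startswith('//', i):
            break
        elif line.startswith('/*', i):
            i, in_block = i + 2, True
        else:
            out.append(line[i])
            i += 1
    return ''.join(out), in_block

def audit_system_calls(source):
    """Return (line_no, status, enclosing preprocessor guards) per system( hit."""
    findings, guards, in_block = [], [], False
    for no, raw in enumerate(source.splitlines(), 1):
        code, in_block = strip_comments(raw, in_block)
        directive = code.strip()
        if directive.startswith('#if'):            # #if, #ifdef, #ifndef
            guards.append(directive)
        elif directive.startswith('#elif') and guards:
            guards[-1] = directive
        elif directive.startswith('#else') and guards:
            guards[-1] = 'else of ' + guards[-1]
        elif directive.startswith('#endif') and guards:
            guards.pop()
        if CALL.search(raw):
            if not CALL.search(code):
                status = 'commented out'           # only present inside a comment
            elif any(re.fullmatch(r'#if\s+0', g) for g in guards):
                status = 'compiled out'            # dead code under #if 0
            else:
                status = 'live'                    # needs manual review of its argument
            findings.append((no, status, tuple(guards)))
    return findings

# Constructed sample input; PLATFORM_DARWIN is a hypothetical guard macro.
SAMPLE = ("void dump() {\n    // system(buffer);\n}\n#if PLATFORM_DARWIN\n"
          "void update() {\n    system(update_exe_path.c_str());\n}\n#endif\n"
          "#if 0\nvoid old() { system(cmd); }\n#endif\n"
          "/* legacy:\n   system(legacy_cmd);\n*/\n")
```

Calls reported as live still need someone to trace how the string passed to system() is built, which is the manual step the reply asks a more experienced reviewer to do.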