W3C home > Mailing lists > Public > www-validator@w3.org > January 2003

Re: nosgml options

From: Liam Quinn <liam@htmlhelp.com>
Date: Thu, 23 Jan 2003 12:26:22 -0500 (EST)
To: "Nigel J. Andrews" <nandrews@investsystems.co.uk>
cc: www-validator@w3.org
Message-ID: <Pine.LNX.4.44.0301231219580.11125-100000@localhost.localdomain>

On Thu, 23 Jan 2003, Nigel J. Andrews wrote:

> I installed on a Debian 3.0 Linux system and had to remove the -R switch from
> the nosgml invocation. It's not worth making a patch just for that.
> opensp 1.5 (1.5pre5-5 .deb package number)

The -R switch is required to prevent a file disclosure vulnerability.  
The -R option isn't available in 1.5pre5, but it's in the 1.5 release
version available from <http://sourceforge.net/projects/openjade/>.

If the validator on your system is available to untrusted users, I 
would recommend upgrading your OpenSP and retaining the -R option.


Liam Quinn
Received on Thursday, 23 January 2003 12:26:23 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:58:32 UTC