Re: nosgml options from Liam Quinn on 2003-01-23 (www-validator@w3.org from January 2003)

From: Liam Quinn <liam@htmlhelp.com>
Date: Thu, 23 Jan 2003 12:26:22 -0500 (EST)
To: "Nigel J. Andrews" <nandrews@investsystems.co.uk>
cc: www-validator@w3.org
Message-ID: <Pine.LNX.4.44.0301231219580.11125-100000@localhost.localdomain>

On Thu, 23 Jan 2003, Nigel J. Andrews wrote:

> I installed on a Debian 3.0 Linux system and had to remove the -R switch from
> the nosgml invocation. It's not worth making a patch just for that.
> 
> opensp 1.5 (1.5pre5-5 .deb package number)

The -R switch is required to prevent a file disclosure vulnerability.  
The -R option isn't available in 1.5pre5, but it's in the 1.5 release
version available from <http://sourceforge.net/projects/openjade/>.

If the validator on your system is available to untrusted users, I 
would recommend upgrading your OpenSP and retaining the -R option.

Regards,

-- 
Liam Quinn

Received on Thursday, 23 January 2003 12:26:23 UTC