security review and patches for libpurple

Ethan Blanton elb at
Thu Aug 11 12:04:11 EDT 2011

Ethan Blanton spake unto us the following wisdom:
> I have rejected the following patches for rejection, further review,
> and/or correction:

Missed one:

* bonjour-geteuid.diff

  I think this is just wrong.  It looks to me like we *want* euid, not
  uid.  I can't think of any reason to setuid Pidgin in the first
  place, but if we do, it seems like the euid is probably who you want
  to be running Pidgin.  I don't know.  It's not clear to me how this
  should be changed either way.


More information about the security mailing list