[Spambayes] Outlook plugin crash
Tim Peters
tim.peters at gmail.com
Tue Jan 17 18:55:24 CET 2006
[Coe, Bob]
> Can someone with a knowledge of the plugin code tell me whether it violates
> the modern fad of scrupulously avoiding the execution of data? Old-time
> coders like me used to do it all the time. (You can get away with it even in
> recursive and reentrant programs if you're careful.) But it's considered a
> security risk today, and the GX620 has a factory-preset BIOS option to
> prevent it. During the weekend, after I sent my original note, I found a
> program that wouldn't run on my computer until I disabled that option. I'm
> wondering now whether I ought to make another run at Spambayes with the
> option turned off. Any advice for me?
Python never executes data, but _something_ invoked when SpamBayes
runs does. There are long discussions of this on the SB bug tracker,
but SourceForge appears to be hosed at the moment so I can't get a
reference for you now. Look for bug 988095.
It's definitely worth trying SB with the option disabled.
More information about the SpamBayes
mailing list