[Spambayes] Outlook plugin crash
Coe, Bob
rcoe at CambridgeMA.GOV
Wed Jan 18 14:19:18 CET 2006
Aha!! That was it! After Tim's encouragement, I tried Spambayes again
with the data execution prohibition disabled, and it worked.
Maybe some of the other reported crashes have a similar origin. But my
own experience suggests that other Windows apps have similar problems
with the option, which I suspect will lead most people not to use it.
Maybe other manufacturers won't adopt it anyway.
Alas, I dug myself another hole while working on Spambayes last night.
I'll seek help for that one in a separate message.
Bob
> -----Original Message-----
> From: Tim Peters [mailto:tim.peters at gmail.com]
> Sent: Tuesday, January 17, 2006 12:55 PM
> To: Coe, Bob
> Cc: spambayes at python.org
> Subject: Re: [Spambayes] Outlook plugin crash
>
>
> [Coe, Bob]
> > Can someone with a knowledge of the plugin code tell me whether it
> > violates the modern fad of scrupulously avoiding the execution of
> > data? Old-time coders like me used to do it all the time. (You can
get
> > away with it even in recursive and reentrant programs if you're
> > careful.) But it's considered a security risk today, and the GX620
has
> > a factory-preset BIOS option to prevent it. During the weekend,
after
> > I sent my original note, I found a program that wouldn't run on my
> > computer until I disabled that option. I'm wondering now whether I
> > ought to make another run at Spambayes with the option turned off.
Any
> > advice for me?
>
> Python never executes data, but _something_ invoked when
> SpamBayes runs does. There are long discussions of this on
> the SB bug tracker, but SourceForge appears to be hosed at
> the moment so I can't get a reference for you now. Look for
> bug 988095.
>
> It's definitely worth trying SB with the option disabled.
>
More information about the SpamBayes
mailing list