[Yum-devel] [PATCH] libproxy support
Zdenek Pavlas
zpavlas at redhat.com
Thu Mar 15 13:36:23 UTC 2012
> > urlgrabber/grabber.py | 32 ++++++++++++++++++++++++++------
> > 1 files changed, 26 insertions(+), 6 deletions(-)
>
> Assuming you've tested it, ACK.
Actually, on second thought, I'd rather not have this enabled
by default. While the support of KDE/GNOME config tools is nice,
the WPAD protocol seems quite scary.
If I understand it correctly, an (not too hard to forge) DHCPINFORM
reply instructs the library to grab an URL and run Javascript in it.
Does the library drop root privileges before doing so? How secure
is the JS sandbox?
More information about the Yum-devel
mailing list