[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security Hole Exploit in tortoiseproc?

From: Stefan Küng <tortoisesvn_at_gmail.com>
Date: 2006-07-01 19:33:56 CEST

Alexandra Stehman wrote:
> Greetings,
> If this is normal behavior please let me know. I was committing two new files
> into the repository when a TortoiseProc window popped up informing me that
> something bad happened and it needed to close. It requested a description of the
> user activities prior to the crash, which I provided. I then proceeded to send
> the report. However, it did something quite odd. I got a weird little message
> from outlook saying "a program is trying to access email addresses you have
> stored in outlook. do you want to allow this?" I clicked NO twice. Then it said
> something about the message not being sent. NOW it is prompting me to save this
> file called TortoiseProc, format type ZIP, somewhere. I am not going to save
> this file, but find this entire series of events suspect.
> If this is normal behavior, please do let me know (I am not a list subscriber).

I don't know why outlook would say something like that. All the
crashreport tool is trying to do is to open up a new mail window, with
the target mail and your text about the crash filled in. It doesn't even
*send* the mail but relies on you to hit the "send" button.
And it definitely doesn't try to read your address book.
You can check the sourcecode of that tool yourself if you don't believe me:
Login: guest
and use an empty password.


   oo  // \\      "De Chelonian Mobile"
  (_,\/ \_/ \     TortoiseSVN
    \ \_/_\_/>    The coolest Interface to (Sub)Version Control
    /_/   \_\     http://tortoisesvn.tigris.org
To unsubscribe, e-mail: users-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: users-help@tortoisesvn.tigris.org
Received on Sat Jul 1 19:34:05 2006

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.