List:       kde-commits
Subject:    Re: kdegraphics/kpdf/kpdf [POSSIBLY UNSAFE]
From:       David Faure <faure () kde ! org>
Date:       2004-09-14 20:17:34
Message-ID: 200409142217.34438.faure () kde ! org

On Tuesday 14 September 2004 22:07, Albert Astals Cid wrote:
> On Tuesday 14 September 2004 22:01, David Faure wrote:
> > On Tuesday 14 September 2004 21:56, Albert Astals Cid wrote:
> > > What problem do you have with it?
> > >
> > > I ask something along the lines of
> > >
> > > "Do you want to execute %1" where %1 is the command plus the arguments
> > >
> > > I don't see any problem with that. It is the user who decides if he wants to
> > > execute the program or not.
> >
> > And what should my mother answer to "Do you want to execute rm -rf $HOME" ?
> 
> Everybody should know he has to answer no to something he does not understand,
> it is basic computer knowledge.

Yeah right. People often feel that computers tell them lots of things they don't understand,
and yet they have to press OK in incomprehensible dialogs all the time (e.g. error dialogs).

> > You have not answered "there is no legitimate use for this feature". Why
> > should a PDF run any kind of command on my system, even after asking me??
> 
> No idea.

Then why not leave this aside for now?

> So you are all basically saying that having a program that follows the PDF
> specification is bad?

Yes. Will the user care that the PDF specification allows for trojan PDFs that
erase his hard drive?
User: "YOU KDE SUCK, I LOST ALL MY FILES!!!"
Developer: "Ah, but it's in the PDF spec..."

-- 
David Faure, faure@kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).