From kde-core-devel Sun Jan 02 23:19:27 2005 From: Tobias Koenig Date: Sun, 02 Jan 2005 23:19:27 +0000 To: kde-core-devel Subject: [RFC] Security and Features in KPDF Message-Id: <20050102231927.GA14691 () ghostdog ! localnet> X-MARC-Message: https://marc.info/?l=kde-core-devel&m=110470798901386 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--MGYHOYXEY6WxJCY8" --MGYHOYXEY6WxJCY8 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, some times ago there was an implementation for KPDF which allows to execute an application which is specified in the PDF document. The implementation was criticized by some developers because of security concerns. IMHO the feature is really nice. When you use acroread/kpdf as presentation program for a talk, you can/could directly start the application you talk about without closing the presentation program first (which looks quite unprofessional). The main concerns are, that some bad guy could create a PDF file with the command 'rm -Rf /' inside I guess. This problems can be solved by always asking the user whether he wants to execute this application and showing him the full command that will be executed. This is really a save solution. When the user still clicks on 'Ok' and the virus/wurm is executed... well, that's the users problem. But that's the same case as when the user clicks on an unknown email attachment. Do we forbid email attachments for this reason? So I'd like to ask the core-developers if it's ok to add this feature to KPDF again together with the necessary security options. Ciao, Tobias --=20 Separate politics from religion and economy! --MGYHOYXEY6WxJCY8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB2IF+SvFUKpY6VLARAkrPAJ9OxK329I/6HcKSZF/6EiSMQ2F5XwCfQKJa q0fponXvXN7ueVIxaypm4kY= =4o0H -----END PGP SIGNATURE----- --MGYHOYXEY6WxJCY8--