[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    [RFC] Security and Features in KPDF
From:       Tobias Koenig <tokoe () kde ! org>
Date:       2005-01-02 23:19:27
Message-ID: 20050102231927.GA14691 () ghostdog ! localnet
[Download RAW message or body]


Hi,

some times ago there was an implementation for KPDF which allows to
execute an application which is specified in the PDF document.

The implementation was criticized by some developers because of security
concerns.

IMHO the feature is really nice. When you use acroread/kpdf as
presentation program for a talk, you can/could directly start the
application you talk about without closing the presentation program
first (which looks quite unprofessional).

The main concerns are, that some bad guy could create a PDF file with
the command 'rm -Rf /' inside I guess. This problems can be solved by
always asking the user whether he wants to execute this application and
showing him the full command that will be executed.

This is really a save solution. When the user still clicks on 'Ok' and
the virus/wurm is executed... well, that's the users problem. But that's
the same case as when the user clicks on an unknown email attachment.
Do we forbid email attachments for this reason?

So I'd like to ask the core-developers if it's ok to add this feature to
KPDF again together with the necessary security options.

Ciao,
Tobias
--=20
Separate politics from religion and economy!

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]