
List:       kde-core-devel
Subject:    Re: [RFC] Security and Features in KPDF
From:       George Staikos <staikos () kde ! org>
Date:       2005-01-02 23:55:19
Message-ID: 200501021855.19293.staikos () kde ! org

On Sunday 02 January 2005 18:19, Tobias Koenig wrote:
> The main concerns are that some bad guy could create a PDF file with
> the command 'rm -Rf /' inside, I guess. This problem can be solved by
> always asking the user whether he wants to execute this application and
> showing him the full command that will be executed.
>
> This is really a safe solution. When the user still clicks on 'Ok' and
> the virus/worm is executed... well, that's the user's problem. But that's
> the same case as when the user clicks on an unknown email attachment.
> Do we forbid email attachments for this reason?

   This is not always so safe, because not all users understand the 
implications of a 1 character difference between two command lines, one being 
safe, the other being devastating.  It is also possible to write the command 
in such a confusing manner as to make it unclear what the command is that's 
being executed as displayed in the messagebox.  Don't rely on this too 
much...

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/
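
An added example (not part of the original message and not KPDF code): one way a confirmation dialog could render a document-supplied command so that a one-character difference or a hidden character is visible before the user clicks 'Ok'. The function names, the 200-character limit and the sample commands are assumptions constructed for illustration.

```python
import shlex
import unicodedata

MAX_LEN = 200                         # assumed: longest command a dialog shows in full
SHELL_META = set(";|&$`<>(){}*?~\\")  # characters a shell would interpret


def visible(text):
    """Escape everything outside printable ASCII so no character stays hidden."""
    return "".join(ch if " " <= ch <= "~" else "\\u{:04x}".format(ord(ch))
                   for ch in text)


def review_command(cmd):
    """Return (argv_lines, warnings) for a command string embedded in a document."""
    warnings = []
    if len(cmd) > MAX_LEN:
        warnings.append("too long to display in full")
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in cmd):
        warnings.append("control or invisible formatting characters")
    if any(ord(ch) > 0x7F for ch in cmd):
        warnings.append("non-ASCII characters (possible look-alikes)")
    if any(ch in SHELL_META for ch in cmd):
        warnings.append("shell metacharacters")
    try:
        argv = shlex.split(cmd)       # POSIX word splitting, nothing is executed
    except ValueError:
        warnings.append("unbalanced quoting")
        argv = [cmd]
    # One bracketed argument per line: a stray space becomes an extra line.
    lines = ["argv[{}] = [{}]".format(i, visible(a)) for i, a in enumerate(argv)]
    return lines, warnings


if __name__ == "__main__":
    # Constructed sample inputs; the second differs from the first by one space,
    # the third contains a zero-width character.
    for sample in ("rm -Rf /tmp/scratch", "rm -Rf / tmp/scratch",
                   "kview\u200bphoto.png"):
        lines, warnings = review_command(sample)
        print("\n".join(lines), "| warnings:", warnings or "none")
```

Even with this rendering the decision still rests on the user reading the dialog, which is the limitation the reply above points out.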