[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: [RFC] Security and Features in KPDF
From:       Oswald Buddenhagen <ossi () kde ! org>
Date:       2005-01-03 0:23:42
Message-ID: 20050103002342.GA7512 () ugly ! local
[Download RAW message or body]

On Mon, Jan 03, 2005 at 01:08:51AM +0100, Ingo Klöcker wrote:
> Unfortunately, Stephan's suggestion is also not a very good solution 
> because you can be sure that several distributions will make "kpdf 
> --script %u" the default for PDF "because it's so convenient".
> 
and this is our problem, right? uhm, well ...
/me patches the -f option out of his copy of /bin/rm, because debian
  might decide to alias rm='rm -f' in their /etc/bash.bashrc - "because
  it's so convenient".

> > But that's the same case as when the user clicks on an unknown email
> > attachment. Do we forbid email attachments for this reason?
> 
> That's nonsense. Clicking on an unknown email attachment in KMail does
> never result in 'rm -Rf /' or similarly dangerous commands being
> executed.
> 
yeah, right. kmail (and any program called by it) never had, and will
never have any relevant security holes. therefore attachments are safe.
q.e.d.
oh, wait, i've still to prove, that email per se is safe ...

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
[prev in list] [next in list] [prev in thread] [next in thread]