[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: [RFC] Security and Features in KPDF
From:       Michael Nottebrock <michaelnottebrock () gmx ! net>
Date:       2005-01-03 2:39:13
Message-ID: 200501030339.17473.michaelnottebrock () gmx ! net
[Download RAW message or body]


On Monday, 3. January 2005 02:58, Brad Hards wrote:
> On Mon, 3 Jan 2005 11:08 am, Ingo Klöcker wrote:
> > Unfortunately, Stephan's suggestion is also not a very good solution
> > because you can be sure that several distributions will make "kpdf
> > --script %u" the default for PDF "because it's so convenient".
>
> As the other side of this, how about only allowing a whitelist of "safe"
> options. 

Ah, the Outlook approach. :-)

FWIW, I don't think there's a solution really. Tobias thinks it looks bad if 
kpdf can't launch an executable or a script, others think it looks bad if it 
can. Both are right - the question is which crowd do you we all want to 
please, the one that likes smooth automagic presentations or the one that 
will pass off KDE as a reimplementation of Microsoft's biggest security 
bloopers over it. I'm convinved both those crowds exist and have their share 
of vocal evangelists.

Since there can be no agreement, I guess the best course of action would be 
"do nothing" (stick to principles, set a precendence, cut short discussion).

The second best one is probably the well-hidden non-default option (you can at 
least divert the blame to the respective distro if they choose to turn it on 
by default and a spectacular exploit appears).

-- 
   ,_,   | Michael Nottebrock               | lofi@freebsd.org
 (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
   \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]