[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KDE Scripting Interface [2nd Try]
From:       Waldo Bastian <bastian () kde ! org>
Date:       2001-07-20 3:54:26
[Download RAW message or body]

On Thursday 19 July 2001 03:59 am, Hans Meine wrote:
> Ralf Nolden <nolden@kde.org> writes:
> > Martin, please read this phrase again which is why I propose the
> > security levels:
> >
> > While programmers writing
> > scripts for shell automation know what they are doing, the average
> > GUI-only user doesn't. He just trusts the GUI and the scripting engine
> > if he receives a script and executes that.
> >
> > That's why on the end KDE will be blamed, even like Bernd said if an
> > attacker really used it he is
> >                       ^^^         ^^^^^^
> > quite dumb. What you want to prevent is that a script can abuse dcop to
> > harm the user by scripting, for everything else it's Unix that is
> > responsible :)
>
> If thereīs any GUI program executing scripts, the security should be
> built in that scripting engine. Not in DCOP, thatīs the point IMO.

Yes and no. If you want to allow the ability to use DCOP from the script, the 
security should be extended to DCOP.

Cheers,
Waldo
-- 
Andrei Sakharov, Exciled 1980-1986, USSR, http://www.aip.org/history/sakharov/
Dmitry Sklyarov, Detained 2001-????, USA, http://www.elcomsoft.com/

[prev in list] [next in list] [prev in thread] [next in thread]