List:       kde-core-devel
Subject:    Re: KDE Scripting Interface [2nd Try]
From:       Thomas Zander <zander () planescape ! com>
Date:       2001-07-20 6:19:52


On Fri, Jul 20, 2001 at 01:02:17AM -0400, Ellis Whitehead wrote:
> Because of this my vote goes against giving a user direct access to dcop 
> via embedded scripts.  And if there aren't embedded scripts doing arbitrary 
> dcop calls, then there's no need for dcop security.

Hmm, I think you pointed out the difference in perspective people have been
having.
I personally have never thought that a dcop call could be made by user code
from any application. (except from a shell or koscript or similar)
So a user script in kword means that the external interpreter is started and
it starts talking to kword via dcop.

Does anyone think the model I described here is wrong? Because this model 
will certainly be available for worms, and with full user-rights. 
Adding another more secure model will not make this one any less secure. 
I think this is exactly what Martin has been saying.

-- 
Thomas Zander                                            zander@earthling.net
The only thing worse than failure is the fear of trying something new
