
List:       kde-core-devel
Subject:    Re: KDE Scripting Interface [2nd Try]
From:       Roberto Alsina <ralsina () kde ! org>
Date:       2001-07-20 12:06:56

On Fri, 20 Jul 2001, Thomas Zander wrote:

> On Fri, Jul 20, 2001 at 01:02:17AM -0400, Ellis Whitehead wrote:
> > Because of this my vote goes against giving a user direct access to dcop 
> > via embedded scripts.  And if there aren't embedded scripts doing arbitrary 
> > dcop calls, then there's no need for dcop security.
> 
> Hmm, I think you pointed out the difference in perspective people have been
> having.
> I personally have never thought that a dcop call could be made by user code
> from any application. (except from a shell or koscript or similar)
> So a user script in kword means that the external interpreter is started and
> it starts talking to kword via dcop.

If a scripting interface was embedded in apps (say, made available from a
kdelib), and such scripting thingie had a DCOP binding, the apps can
communicate with any DCOP-enabled app using DCOP.

Now, as far as I can see, there are two ways to provide scripting to
apps:

a) We provide a sandboxed scripting engine that can only manipulate said
app, and only can manipulate said app in ways that are not dangerous.

b) We provide a scripting engine that is useful ;-)

Further: a) means that the only way to do scripting is through OUR engine
and language, because if you provide hooks to plug other languages, and
the other language doesn't do sandboxing, the hook is a hole that renders
sandboxing useless.

Further: a) means that there will be tons of *useful* functionality that
can not be provided through scripting. For example: a plugin to make the
background image change following a webpage... forget it: that involves
disk access!

And I say a) doesn't even make the system any more secure than it is
currently!

For the only way an evil script can get into the user's application is that
he downloads the script and installs it.

And he could just download anything else on the internet, including
damaging C based apps with pictures of feet ;-)

I say: don't ever run anything downloaded unless you are fairly sure of
what you are getting. And if the guy downloads a worm or a trojan or
whatever: he can do that already. And he will still be able to do that
afterwards.

 ("\''/").__..-''"`-. .         Roberto Alsina
 `9_ 9  )   `-. (    ).`-._.`)  ralsina@kde.org
 (_Y_.)' ._   ) `._`.  " -.-'   KDE Developer (MFCH)
  _..`-'_..-_/ /-'_.'           Abeja obrera en Xtech (www.xtech.com.ar)
(l)-'' ((i).' ((!.'             Buenos Aires - Argentina
Futuaris nisi irrisus ridebis. (Carlton, De rerum comoedia)
