On Wednesday 10 October 2001 23:55, George Staikos wrote:
> > Only none worked until Saturday, when I began coding this one. Or they
> > were hiding cleverly. kio_fish works, and I am confident enough to call
> > it 1.0, both feature- and bug-wise. (Please, do send bug reports or
> > simple "it works") Moreover, FISH is not sftp. FISH is no protocol at
> > all, but using dd, cat, rm, mv, cp, grep, ls, ... to do all filesystem
> > management tasks. I even want to try to use rsync for better performance,
> > dunno yet if it is possible. Basically, even if you're stuck with some
> > obscure web server O/S and no admin privileges, you can still work fine.
> I would just like to point out that this is perhaps the most dangerous
> I/O slave to install yet. I haven't seen how it works, but based on
> description, it sounds like a webpage redirecting to this i/o slave could
> do virtually anything.

Good point, though a redirecting webpage will "only" trigger fetching a file. (Or is there some URL Syntax that triggers deletion of a file?)

kio_fish is a straight networking-filesystem type of ioslave, designed to resemble file:// in look&feel as closely as possible. So it shouldn't be more dangerous than the file:// ioslave.

One point to remember, though, is the ease of access this ioslave gives to you. Having easy access to different remote machines poses a threat in itself, since mistakes are made easier. During the last days, I had access to machines I didn't visit during the whole last year, cleaned up home directories, collected all the files that were scattered throughout the world. One or two of them were shared accounts, where a mistake could have wreaked havoc on someone else's files as well. Or think of root access via ssh (If you enabled it. Don't!).

> So, do we have this hole fully closed up in konqueror yet? If so,
> people should be made aware to only use this slave on current versions.

Is it really a hole? Even if redirecting to some fish:// URL, there is still a password to be entered. If you are using ssh-agent or kdesud, you should already know this is a security risk.

--
CU
Joerg

PGP Public Key at http://ich.bin.kein.hoschi.de/~trouble/public_key.asc
PGP Key fingerprint = D34F 57C4 99D8 8F16 E16E 7779 CDDC 41A4 4C48 6F94