
List:       kde-promo
Subject:    Re: [kde-promo] Apple Mac Boasting about how Unix is the ultimate
From:       Martijn Klingens <klingens () kde ! org>
Date:       2006-05-03 13:40:29
Message-ID: 200605031540.30046.klingens () kde ! org

On Wednesday 03 May 2006 14:35, Inge Wallin wrote:
> On Wednesday 03 May 2006 11.10, Martijn Klingens wrote:
> > On Wednesday 03 May 2006 00:15, Aaron J. Seigo wrote:
> > 
> > Likewise, the recent problems with Apple Mail opening unsafe attachments
> > are something that we should be wary of. Especially the embedding of
> > previews inside of Kontact is a life saver and a peril at the same time.
> > As a user I would *love* to see .odt files inside KMail the same way
> > images and attached mails are displayed. As an admin it's extremely
> > dangerous to do so.
> 
> Why?

First of all, buffer overflows and similar bugs. The more complex the 
software, the bigger the chances for those. KOffice is orders of magnitude 
more complex than a PNG renderer and even libpng is found vulnerable every 
now and then.

And if you don't like the fact that I mentioned KOffice, s/KOffice/KPDF/ and 
repeat for inline displaying of PDF files.

Second, design flaws. Active scripting is one of them, but as you pointed out 
that can be largely avoided with careful design, like no scripts in readonly 
mode. Still, you can avoid a thousand design flaws, overlook one and your 
users are at risk. Big time in the case of an e-mail attack vector.

Third, unforeseen side effects. With all our integration we glue more and more 
components together. It's not unrealistic to think that in the near future 
two independent links between components (say, KOffice and KParts and KParts 
and KIO) turn out to be dangerous when used together. Such combinations are 
often not considered originally because they weren't part of the use case, 
but as software and component technology evolves we might someday have 
exactly this without actively working on it. By then we can only hope that 
the combination doesn't result in privilege escalation.

History has shown time and again that this third use case *does* happen, and 
since it is always something that happens by coincidence it's hard to avoid. 
The only way to avoid it is to put limits on the amount of integration -- at 
the expense of the user experience. That's why I said that from an admin pov 
it's dangerous, while for the user it's wonderful.

-- 
Martijn
 