
List:       koffice-devel
Subject:    Re: branches/koffice/2.0/koffice
From:       Thomas Zander <zander () kde ! org>
Date:       2009-04-10 9:16:52
Message-ID: 200904101116.53044.zander () kde ! org

On Friday 10 April 2009 00:10:50 Cyrille Berger wrote:
> SVN commit 951712 by berger:
>
> restoring the shebang
>
> The shebang is needed because scripts can be executed outside of
> kword/kspread/kplato, the scripts don't have the executable flags to avoid
> security issues, 
[]

I talked to various much more security-capable people than I am and the 
conclusion is that scripts that are not in your path and basically don't do 
anything with root or system services are not an issue.
There is no security risk.  Not any more than there is with installing kword 
or dbus with the executable bit set.

I think we should go with the experience that SuSE has gained and the reason 
they made this check. Either you have shebangs *and* make the file executable 
or you do neither.
I recently learned they can be executed from the command line (it gave odd 
errors before I found the krosspython dependency :) so your commit is correct, 
but we should go one step further and make them executable.
_______________________________________________
koffice-devel mailing list
koffice-devel@kde.org
https://mail.kde.org/mailman/listinfo/koffice-devel
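
The rule argued for in the message above (a script either has a shebang and the executable bit, or has neither) can be checked over an install tree. This is an added example, not code from the original message, KOffice or SuSE; the function names, the two labels and the suffix list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list files whose shebang and executable bit disagree.
# Labels and the script-suffix list are illustrative assumptions.
# Paths containing newlines are not supported.

# has_shebang FILE: true if the first two bytes are "#!".
# dd reads exactly two bytes, so binary files are handled safely.
has_shebang() {
    [ "$(dd if="$1" bs=2 count=1 2>/dev/null | tr -d '\000')" = '#!' ]
}

# audit_shebang_mode DIR: print "LABEL PATH" for each mismatch, sorted.
audit_shebang_mode() {
    {
        # Case 1: shebang present, but no execute bit for user, group or other.
        find "$1" -type f ! -perm -100 ! -perm -010 ! -perm -001 -print |
        while IFS= read -r f; do
            if has_shebang "$f"; then
                printf 'shebang-not-executable %s\n' "$f"
            fi
        done
        # Case 2: execute bit set on a script-like file that has no shebang.
        # Restricting by suffix keeps compiled binaries out of the report.
        find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            \( -name '*.py' -o -name '*.rb' -o -name '*.js' -o -name '*.sh' \) -print |
        while IFS= read -r f; do
            if ! has_shebang "$f"; then
                printf 'executable-no-shebang %s\n' "$f"
            fi
        done
    } | sort
}

# demo: build a constructed tree covering all four combinations and audit it.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/usr/bin/env python\nprint("x")\n' > "$d/ok_exec.py"
    printf 'print("x")\n' > "$d/ok_plain.py"
    printf '#!/usr/bin/env python\nprint("x")\n' > "$d/bad_noexec.py"
    printf 'print("x")\n' > "$d/bad_noshebang.py"
    chmod 755 "$d/ok_exec.py" "$d/bad_noshebang.py"
    chmod 644 "$d/ok_plain.py" "$d/bad_noexec.py"
    audit_shebang_mode "$d"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```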