[RFC] Security and Features in KPDF

Tobias Koenig tokoe at kde.org
Sun Jan 2 23:19:27 GMT 2005


some times ago there was an implementation for KPDF which allows to
execute an application which is specified in the PDF document.

The implementation was criticized by some developers because of security

IMHO the feature is really nice. When you use acroread/kpdf as
presentation program for a talk, you can/could directly start the
application you talk about without closing the presentation program
first (which looks quite unprofessional).

The main concerns are, that some bad guy could create a PDF file with
the command 'rm -Rf /' inside I guess. This problems can be solved by
always asking the user whether he wants to execute this application and
showing him the full command that will be executed.

This is really a save solution. When the user still clicks on 'Ok' and
the virus/wurm is executed... well, that's the users problem. But that's
the same case as when the user clicks on an unknown email attachment.
Do we forbid email attachments for this reason?

So I'd like to ask the core-developers if it's ok to add this feature to
KPDF again together with the necessary security options.

Separate politics from religion and economy!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/3486b428/attachment.sig>

More information about the kde-core-devel mailing list