[RFC] Security and Features in KPDF
kloecker at kde.org
Mon Jan 3 00:08:51 GMT 2005
On Monday 03 January 2005 00:19, Tobias Koenig wrote:
> some times ago there was an implementation for KPDF which allows to
> execute an application which is specified in the PDF document.
> The implementation was criticized by some developers because of
> security concerns.
> IMHO the feature is really nice. When you use acroread/kpdf as
> presentation program for a talk, you can/could directly start the
> application you talk about without closing the presentation program
> first (which looks quite unprofessional).
> The main concerns are, that some bad guy could create a PDF file with
> the command 'rm -Rf /' inside I guess. This problems can be solved by
> always asking the user whether he wants to execute this application
> and showing him the full command that will be executed.
> This is really a save solution. When the user still clicks on 'Ok'
> and the virus/wurm is executed... well, that's the users problem.
Yeah, right. Since when do users read dialogs? I can assure you that
enough people are already trained to click on each [OK] button they see
without even think about reading the text of the dialog. Especially, if
they've already seen the same dialog in the same situation (here,
clicking on a link in a PDF) a hundred times. Do you really believe
that the users will still read the text of the dialog when it comes up
the 101st time?
Unfortunately, Stephan's suggestion is also not a very good solution
because you can be sure that several distributions will make "kpdf
--script %u" the default for PDF "because it's so convenient".
> that's the same case as when the user clicks on an unknown email
> attachment. Do we forbid email attachments for this reason?
That's nonsense. Clicking on an unknown email attachment in KMail does
never result in 'rm -Rf /' or similarly dangerous commands being
executed. You really shouldn't spread FUD about applications you don't
know first hand. Or were you talking about Mutt?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the kde-core-devel