[RFC] Security and Features in KPDF

Ingo Klöcker kloecker at kde.org
Mon Jan 3 00:08:51 GMT 2005 

On Monday 03 January 2005 00:19, Tobias Koenig wrote:
> Hi,
>
> some times ago there was an implementation for KPDF which allows to
> execute an application which is specified in the PDF document.
>
> The implementation was criticized by some developers because of
> security concerns.
>
> IMHO the feature is really nice. When you use acroread/kpdf as
> presentation program for a talk, you can/could directly start the
> application you talk about without closing the presentation program
> first (which looks quite unprofessional).
>
> The main concerns are, that some bad guy could create a PDF file with
> the command 'rm -Rf /' inside I guess. This problems can be solved by
> always asking the user whether he wants to execute this application
> and showing him the full command that will be executed.
>
> This is really a save solution. When the user still clicks on 'Ok'
> and the virus/wurm is executed... well, that's the users problem.

Yeah, right. Since when do users read dialogs? I can assure you that 
enough people are already trained to click on each [OK] button they see 
without even think about reading the text of the dialog. Especially, if 
they've already seen the same dialog in the same situation (here, 
clicking on a link in a PDF) a hundred times. Do you really believe 
that the users will still read the text of the dialog when it comes up 
the 101st time?

Unfortunately, Stephan's suggestion is also not a very good solution 
because you can be sure that several distributions will make "kpdf 
--script %u" the default for PDF "because it's so convenient".

> But 
> that's the same case as when the user clicks on an unknown email
> attachment. Do we forbid email attachments for this reason?

That's nonsense. Clicking on an unknown email attachment in KMail does 
never result in 'rm -Rf /' or similarly dangerous commands being 
executed. You really shouldn't spread FUD about applications you don't 
know first hand. Or were you talking about Mutt?

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/76bd1f4b/attachment.sig>

More information about the kde-core-devel mailing list