[RFC] Security and Features in KPDF
ossi at kde.org
Mon Jan 3 00:23:42 GMT 2005
On Mon, Jan 03, 2005 at 01:08:51AM +0100, Ingo KlÃ¶cker wrote:
> Unfortunately, Stephan's suggestion is also not a very good solution
> because you can be sure that several distributions will make "kpdf
> --script %u" the default for PDF "because it's so convenient".
and this is our problem, right? uhm, well ...
/me patches the -f option out of his copy of /bin/rm, because debian
might decide to alias rm='rm -f' in their /etc/bash.bashrc - "because
it's so convenient".
> > But that's the same case as when the user clicks on an unknown email
> > attachment. Do we forbid email attachments for this reason?
> That's nonsense. Clicking on an unknown email attachment in KMail does
> never result in 'rm -Rf /' or similarly dangerous commands being
yeah, right. kmail (and any program called by it) never had, and will
never have any relevant security holes. therefore attachments are safe.
oh, wait, i've still to prove, that email per se is safe ...
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.
More information about the kde-core-devel