[RFC] Security and Features in KPDF

Oswald Buddenhagen ossi at kde.org
Mon Jan 3 00:23:42 GMT 2005


On Mon, Jan 03, 2005 at 01:08:51AM +0100, Ingo Klöcker wrote:
> Unfortunately, Stephan's suggestion is also not a very good solution 
> because you can be sure that several distributions will make "kpdf 
> --script %u" the default for PDF "because it's so convenient".
> 
and this is our problem, right? uhm, well ...
/me patches the -f option out of his copy of /bin/rm, because debian
  might decide to alias rm='rm -f' in their /etc/bash.bashrc - "because
  it's so convenient".

> > But that's the same case as when the user clicks on an unknown email
> > attachment. Do we forbid email attachments for this reason?
> 
> That's nonsense. Clicking on an unknown email attachment in KMail does
> never result in 'rm -Rf /' or similarly dangerous commands being
> executed.
> 
yeah, right. kmail (and any program called by it) never had, and will
never have any relevant security holes. therefore attachments are safe.
q.e.d.
oh, wait, i've still to prove, that email per se is safe ...

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.




More information about the kde-core-devel mailing list