[RFC] Security and Features in KPDF
Michael Nottebrock
michaelnottebrock at gmx.net
Mon Jan 3 02:39:13 GMT 2005
On Monday, 3. January 2005 02:58, Brad Hards wrote:
> On Mon, 3 Jan 2005 11:08 am, Ingo Klöcker wrote:
> > Unfortunately, Stephan's suggestion is also not a very good solution
> > because you can be sure that several distributions will make "kpdf
> > --script %u" the default for PDF "because it's so convenient".
>
> As the other side of this, how about only allowing a whitelist of "safe"
> options.
Ah, the Outlook approach. :-)
FWIW, I don't think there's a solution really. Tobias thinks it looks bad if
kpdf can't launch an executable or a script, others think it looks bad if it
can. Both are right - the question is which crowd do you we all want to
please, the one that likes smooth automagic presentations or the one that
will pass off KDE as a reimplementation of Microsoft's biggest security
bloopers over it. I'm convinved both those crowds exist and have their share
of vocal evangelists.
Since there can be no agreement, I guess the best course of action would be
"do nothing" (stick to principles, set a precendence, cut short discussion).
The second best one is probably the well-hidden non-default option (you can at
least divert the blame to the respective distro if they choose to turn it on
by default and a spectacular exploit appears).
--
,_, | Michael Nottebrock | lofi at freebsd.org
(/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org
\u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/93c86828/attachment.sig>
More information about the kde-core-devel
mailing list