[RFC] Security and Features in KPDF

Ingo Klöcker kloecker at kde.org
Mon Jan 3 18:43:59 GMT 2005


On Monday 03 January 2005 01:23, Oswald Buddenhagen wrote:
> On Mon, Jan 03, 2005 at 01:08:51AM +0100, Ingo Klöcker wrote:
> > Unfortunately, Stephan's suggestion is also not a very good
> > solution because you can be sure that several distributions will
> > make "kpdf --script %u" the default for PDF "because it's so
> > convenient".
>
> and this is our problem, right? uhm, well ...

Even if it's not our problem, who do you think will get the complaints?

> > > But that's the same case as when the user clicks on an unknown
> > > email attachment. Do we forbid email attachments for this reason?
> >
> > That's nonsense. Clicking on an unknown email attachment in KMail
> > never results in 'rm -Rf /' or similarly dangerous commands
> > being executed.
>
> yeah, right. kmail (and any program called by it) never had, and will
> never have any relevant security holes. therefore attachments are
> safe.

There's a difference between a security hole and a consciously added 
security problem. Do you propose that we make it possible in KMail to 
execute attachments by just clicking on them because there might anyway 
be a security hole in KMail?

Regards,
Ingo