[RFC] Security and Features in KPDF
Waldo Bastian
bastian at kde.org
Mon Jan 3 22:17:31 GMT 2005
On Monday 03 January 2005 00:19, Tobias Koenig wrote:
> Hi,
>
> some times ago there was an implementation for KPDF which allows to
> execute an application which is specified in the PDF document.
>
> The implementation was criticized by some developers because of security
> concerns.
>
> IMHO the feature is really nice. When you use acroread/kpdf as
> presentation program for a talk, you can/could directly start the
> application you talk about without closing the presentation program
> first (which looks quite unprofessional).
>
> The main concerns are, that some bad guy could create a PDF file with
> the command 'rm -Rf /' inside I guess. This problems can be solved by
> always asking the user whether he wants to execute this application and
> showing him the full command that will be executed.
>
> This is really a save solution. When the user still clicks on 'Ok' and
> the virus/wurm is executed... well, that's the users problem.
The idea of KDE applications is to help the user solve the problems (s)he
already has, giving the user more problems is counter-productive.
> But that's
> the same case as when the user clicks on an unknown email attachment.
> Do we forbid email attachments for this reason?
>
> So I'd like to ask the core-developers if it's ok to add this feature to
> KPDF again together with the necessary security options.
No, I don't think that's ok because many users will not have enough relevant
knowledge to decide what to do when confronted with such dialog, "kjots" and
"rm -rf" are equally cryptic to many. I suggest that you add a command line
option to explicitly enable such dangerous behavior as Stephan Binner already
proposed.
Cheers,
Waldo
--
bastian at kde.org | Free Novell Linux Desktop 9 Evaluation Download
bastian at suse.com | http://www.novell.com/products/desktop/eval.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20050103/8c73815c/attachment.sig>
More information about the kde-core-devel
mailing list