Re: Rise of the Plugins

Martin Soto wrote:

An additional point that nobody has mentioned so far is security. Most
(if not all) plugin implementations already available for Gnome programs
seem to allow for installing plugins in some user-owned directory. This
means that by gaining access to the user's home directory, an attacker
will be able to install code that gets run every time the user logs in:

Yes, you can do that already. It's what the session's for.

I'm not saying there aren't security implications of plugins, but being able to run code on login is much easier to do without bothering with them!


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]