Re: Rise of the Plugins

From: Andrew Sobala <aes gnome org>
To: Martin Soto <soto informatik uni-kl de>
Cc: desktop-devel-list gnome org
Subject: Re: Rise of the Plugins
Date: Fri, 18 May 2007 11:28:28 +0100

Martin Soto wrote:

An additional point that nobody has mentioned so far is security. Most
(if not all) plugin implementations already available for Gnome programs
seem to allow for installing plugins in some user-owned directory. This
means that by gaining access to the user's home directory, an attacker
will be able to install code that gets run every time the user logs in:


Yes, you can do that already. It's what the session's for.

I'm not saying there aren't security implications of plugins, but beingable to run code on login is much easier to do without bothering with them!


--
Andrew

Follow-Ups:
- Re: Rise of the Plugins
  - From: Martin Soto

References:
- Rise of the Plugins
  - From: Vincent Untz
- Re: Rise of the Plugins
  - From: Martin Soto

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]