Re: Rise of the Plugins

Hi Andrew,

On Fri, 2007-05-18 at 11:28 +0100, Andrew Sobala wrote:
> Martin Soto wrote:
> >An additional point that nobody has mentioned so far is security. Most
> >(if not all) plugin implementations already available for Gnome programs
> >seem to allow for installing plugins in some user-owned directory. This
> >means that by gaining access to the user's home directory, an attacker
> >will be able to install code that gets run every time the user logs in:
> >
> Yes, you can do that already. It's what the session's for.
> I'm not saying there aren't security implications of plugins, but being 
> able to run code on login is much easier to do without bothering with them!

The fact that we already have some security holes to plug doesn't mean
we should open new ones, though.


M. S.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]