*yawn* This is why we need syscall mandatory access controls by default in every distribution. Would stop exploit vectors like this dead in their tracks. On Fri, 2004-03-05 at 08:43, Jerry Haltom wrote: > I just want to be the only one asking questions about this. Is this > really a good idea? How safe is gtkhtml? I ask because there have been > at least 5 viruses on Windows that I know of that exploit this exact > same thing. Find exploit in Exporter, put file on disk, wait until > somebody browses it, exploit. I think before something like this makes > it into Gnome somebody needs to have this discussion. :) > > On Mon, 2004-02-23 at 06:29, Nadav Rotem wrote: > > Hi, > > > > I am trying to implement Nautilus html thumbs using gtkhtml. I decided > > to render the html file to a widget and than save it to a file. I have a > > few problems with that. I need to be able to render the widget off the > > screen and still be able to save it. > > > > I looked into fake_expose_widget() from > > control-center-2.5.3/capplets/common/theme-thumbnail.c > > and also from > > /epiphany-1.1.9/lib/egg/egg-editable-toolbar.c > > > > I am able to render simple widgets such as lables, and buttons. More > > complex widgets such as containers need special handling, that I can do. > > I need to loop > > through each component and render it. In the case of gtkhtml, I do not > > know the structure of the widget and it does not get rendered when I > > call fake_expose_widget() on it. > > > > Is there a known fix? Is there any other way to save the canvas? (gnome > > print maybe?) > > > > -Nadav Rotem > > Attached: the code
Attachment:
signature.asc
Description: This is a digitally signed message part