Re: security holes in gnome-vfs application list (was Call for

From: Alan Cox <alan redhat com>
To: darin eazel com (Darin Adler)
Cc: alan redhat com (Alan Cox), gnome-hackers gnome org, seth eazel com
Subject: Re: security holes in gnome-vfs application list (was Call for
Date: Mon, 26 Feb 2001 12:31:47 -0500 (EST)

> > A user assumes that the system is shipped in a secure manner, in the same
> > way as your car comes with the break pedal connected, rather than coming
> > with a break pedal and an optional break pedal enabled configuration feature
> 
> I'm not sure what you're proposing? If "insecure programs" are installed on
> a particular system, you think that the Nautilus shell should prevent users
> from starting them?

I wouldnt go that far. 

The programs that are started automatically by mime type bindings as shipped
with nautilus should be

	o	Ones we believe to be reasonably secure
	o	Not shell scripts (too many name parsing bugs)

If the user chooses to add something silly then thats fine (just like if the
user disconnects the brake pedal). Similarly if the user clicks on a file
and says run it with this specific app, then its their own head

So for example default bindings for gqview, abiword, etc probably make a lot
of sense, but not a collect the set mentality - except maybe as items in a
menu you can use to enable later


Alan


_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers

Follow-Ups:
- Re: security holes in gnome-vfs application list (was Call for
  - From: Darin Adler

References:
- Re: security holes in gnome-vfs application list (was Call for file
  - From: Darin Adler

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]