Re: Rise of the Plugins

From: Martin Soto <soto informatik uni-kl de>
To: desktop-devel-list gnome org
Subject: Re: Rise of the Plugins
Date: Fri, 18 May 2007 12:54:30 +0200

Hi Andrew,

On Fri, 2007-05-18 at 11:28 +0100, Andrew Sobala wrote:
> Martin Soto wrote:
> 
> >An additional point that nobody has mentioned so far is security. Most
> >(if not all) plugin implementations already available for Gnome programs
> >seem to allow for installing plugins in some user-owned directory. This
> >means that by gaining access to the user's home directory, an attacker
> >will be able to install code that gets run every time the user logs in:
> >
> 
> Yes, you can do that already. It's what the session's for.
> 
> I'm not saying there aren't security implications of plugins, but being 
> able to run code on login is much easier to do without bothering with them!

The fact that we already have some security holes to plug doesn't mean
we should open new ones, though.

Cheers,

M. S.

Follow-Ups:
- Re: Rise of the Plugins
  - From: Rui Miguel Silva Seabra
- Re: Rise of the Plugins
  - From: Ross Burton

References:
- Rise of the Plugins
  - From: Vincent Untz
- Re: Rise of the Plugins
  - From: Martin Soto
- Re: Rise of the Plugins
  - From: Andrew Sobala

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]