Re: gdk-pixbuf external conversion?

On 18 Jun 2000, Owen Taylor wrote:

> Lauris Kaplinski <> writes:
> > On 17 Jun 2000, Owen Taylor wrote:
> > 
> > > This is as much a problem for external processes as shared processes
> > > and using convert or netpbm suddenly broadens the range of code that
> > > might be vulnerable.
> > 
> > Not being expert, but how could forked process compromise its 
> > parent, if parent is done The Right Way? Isn't in such case EVERY program
> > security risk?
> It's not a question of the forked process compromising the parent.
> It's just a question of the forked process executing rm -rf /home
> when your mail reader displays the image in some mail...

OK. That it is really :)
So obviously classical UNIX security model is inappropriate in such
situation. Maybe something like gnome-nobodydo (like gnome-sudo) would be
solution in given case - but generally it would be good to move
attachments to sandboxed environment - what AFAIK will be done anyways.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]