Re: gdk-pixbuf external conversion?

From: Lauris Kaplinski <lauris kaplinski com>
To: Owen Taylor <otaylor redhat com>
Cc: gnome-devel-list gnome org
Subject: Re: gdk-pixbuf external conversion?
Date: Mon, 19 Jun 2000 02:33:57 +0200 (CEST)

On 18 Jun 2000, Owen Taylor wrote:

> Lauris Kaplinski <lauris@kaplinski.com> writes:
> 
> > On 17 Jun 2000, Owen Taylor wrote:
> > 
> > > This is as much a problem for external processes as shared processes
> > > and using convert or netpbm suddenly broadens the range of code that
> > > might be vulnerable.
> > 
> > Not being expert, but how could forked process compromise its 
> > parent, if parent is done The Right Way? Isn't in such case EVERY program
> > security risk?
> 
> It's not a question of the forked process compromising the parent.
> It's just a question of the forked process executing rm -rf /home
> when your mail reader displays the image in some mail...

OK. That it is really :)
So obviously classical UNIX security model is inappropriate in such
situation. Maybe something like gnome-nobodydo (like gnome-sudo) would be
solution in given case - but generally it would be good to move
attachments to sandboxed environment - what AFAIK will be done anyways.

Regards,
Lauris

References:
- Re: gdk-pixbuf external conversion?
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]