On Mon, Jun 06, 2005 at 02:28:55PM -0400, Anthony DeRobertis wrote: > Roberto C. Sanchez wrote: > > > At some point, you do need to execute something on your machine, else > > you may as well unplug it and find something else to do. I understand > > what you are saying, but we can't put everyone in a small padded room. > > Based on your assessment, we would have cause to seek the removal of > > latex, vi, emacs, cat and less. > > Ummm, I think you've missed my point. The thread is discussing a GAIM > (instant message client) plugin. So that script is not run by you, it is > run by an arbitrary stranger sending you an instant message, but on your > machine and as you. That's why its a problem. > > Looks like if you installed this package, I could send you an IM and > overwrite an arbitrary file on your machine. > > [This is just judging from the code snippet posted; don't have time to > fully audit the software.] > OK. My mistake. I understood the program to run the code on your machine and then send the graphic across the connection. I think that would be more usable (only the sender needs gaim-latex) and much safer. -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr
Attachment:
pgpuj5S6i_pU3.pgp
Description: PGP signature