Re: Is Lout a virus spreader?

lout-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is Lout a virus spreader?

From:	Andrew Cassin
Subject:	Re: Is Lout a virus spreader?
Date:	Thu, 18 Jan 1996 10:03:28 +1100 (EST)

> The definition contains a @Filter which contains this shell script,
> and the document body executes it.  You could bury the nasty definition
> a couple of pages down in the document where the casual observer would
> not notice it.  I guess this is what Ian had in mind.  He says:
> 
>     [The @Filter] feature should only be available if you
>     invoke Lout in an `unsafe' mode, and the default should
>     be to invoke it in a safe mode.
> 
>     Otherwise there is no safe way to format documents
>     supplied by other people.
> 
> Any comments?  Ideas for even nastier things?  Suggestions for what
> should be done about this, if anything?  It would be easy to add a
> command line flag to disable the @Filter feature.  Is that the answer?

Yes I think @Filter (and anything else...) should be disabled by default.
A similar problem exists with ghostscript and the postscript file manipulation
operators.

Actually come to think of it, whats to stop you from burying the commands
in postscript??? Does this mean we should ban @IncludeGraphic etc...

ACAS

[Prev in Thread]

Current Thread

[Next in Thread]

Is Lout a virus spreader?, Jeff Kingston, 1996/01/16
- Re: Is Lout a virus spreader?, Greg A. Woods, 1996/01/17
- Re: Is Lout a virus spreader?, Andrew Cassin <=
- Re: Is Lout a virus spreader?, T. Kurt Bond, 1996/01/16
- Re: Is Lout a virus spreader?, David Middleton, 1996/01/17

Prev by Date: small point about punctuation
Next by Date: Re: small point about punctuation
Previous by thread: Re: Is Lout a virus spreader?
Next by thread: Re: Is Lout a virus spreader?
Index(es):
- Date
- Thread