Secure Coding mailing list archives
Re: Opinion re an interesting article on Linux security in Linux Journal
From: Richard Moore <rich () westpoint ltd uk>
Date: Tue, 09 Mar 2004 18:37:44 +0000
Disclosure: I'm part of the KDE core team Kenneth R. van Wyk wrote: Case in point, I just got KDE 3.2 on my PC over the weekend (thanks to the Debian-Sid distribution), and I'm seeing the email/PIM environment appearing more and more like Outlook. I can open an email attachment straight into its respective app with just 2 clicks of the mouse (although that's actually been possible for some time). That's not to say that doing so is a good idea, but give the common desktop user the _opportunity_ and... A few things to note about this: 1. The PIM environment is actually a container that embeds the same kmail/kontact/addressbook code as that used in the standalone apps. The aim here is to bring them together into a single UI for those who want to work in that outlook-like way. (Note that you can still use everything standalone). 2. While you can open things in their apps, what you can't do is make anything directly execute - that takes an addition step (eg. using konqueror or the command line to set the executable flag, then running the attachment). Since we do not let macros run on document openning, the risks of opening things are minimised. 3. We do not display HTML email by default which drastically reduces the risk of information leakage, and when you do enable HTML java and javascript are disabled. Unlike Microsoft, we aim to make things secure in the default configuration (even at the expense of a little convenience). If anyone does find a problem, please use [EMAIL PROTECTED] to notify us. Cheers Rich. (speaking for himself not the kde-pim team).
Current thread:
- Opinion re an interesting article on Linux security in Linux Journal Kenneth R. van Wyk (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- <Possible follow-ups>
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
(Thread continues...)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)