[Patch] Updated support for external command handlers
Aaron Bentley
aaron.bentley at utoronto.ca
Tue May 10 00:43:08 BST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John A Meinel wrote:
| I think fai handled it with "if it's in your plugin directory, it's safe
| to run". Because you *really* should never make ~/bin your plugin
| directory.
Ultimately, anyone who can put an executable file in an arbitrary
location can run a program with the current user's privilages. So I
don't think this is a new risk. If you don't trust the author, you
shouldn't run their programs.
Aaron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCf/WM0F+nu1YWqI0RAmisAKCDBOxQd1xZIeBSqoNZ9BnxHdhPTQCeKylK
imhIG+L+h4WQy+8UtnnQCow=
=fwvD
-----END PGP SIGNATURE-----
More information about the bazaar
mailing list