[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]

:zz: Security risk? US? MOI??

To: zzdev@xxxxxxxxxx
Subject: :zz: Security risk? US? MOI??
From: Ted Nelson <ted@xxxxxxxxxx>
Date: Thu, 08 Oct 1998 20:31:08 +0900
Cc: ted@xxxxxxxxxxxxxx
In-reply-to: <19981008170623.Q602@xxxxxxxxxxxxxxxxx>
References: <19981006144516.A2222@xxxxxxxxxxxxxx> <19981002215120.A18396@xxxxxxxxxxxxxx> <19981002215120.A18396@xxxxxxxxxxxxxx> <19981002142730.G3343@xxxxxxxxxxxxxxxxx> <3.0.3.32.19981005190704.00885470@xxxxxxxxxxxxxxxxxxx> <19981006144516.A2222@xxxxxxxxxxxxxx>
Reply-to: zzdev@xxxxxxxxxx

WOOPS!  Gee, Andrew,

I didn't realize we were a security risk.  I thought we were
 always running in user spaces which had limited privileges.
 And that while a master copy resides in system space somewhere,
 it just got copied into user space prior to execution.

You mean a Perl program could break out of a user's
 low-privileged space ?-(

Best, T


At 05:06 PM 10/8/98 +1000, you wrote:
>On Tue, Oct 06, 1998 at 02:45:16PM +1000, Gossamer wrote:
>> Ted Nelson wrote:
>> > Unforch CNS say they don't want ZZ files to open
>> >  automatically from the whatchamacallit table.
>> >  Say it's a security risk.
>> 
>> Umm, xanni, can you translate this?  :)
>
>Yeah, I can see why they feel that way.  Since zigzag cells can contain
>perl code which can do anything the user can do, it would be trivial to
>write trojans using zigzag that would do almost anything malicious when
>certain cells were executed.  Of course, users should probably look at
>the cell contents before executing them.  Since Zigzag doesn't execute
>any cell contents automatically at present, only when requested by the
>user, this is not a severe risk as it is with MS Word or Excel.
>
>Cheers,
>	*** Xanni ***
>-- 
>mailto:xanni@xxxxxxxxxx                         Andrew Pam
>http://www.xanadu.com.au/                       Technical VP, Xanadu
>http://www.glasswings.com.au/                   Technical Editor, Glass Wings
>http://www.sericyb.com.au/sc/                   Manager, Serious Cybernetics
>P.O. Box 26, East Melbourne VIC 8002 Australia  Phone +61 3 96511511
>
>
____________________________________________________
Theodor Holm Nelson, Visiting Professor of Environmental Information
 Keio University, Shonan Fujisawa Campus, Fujisawa, Japan
 Home Fax from USA: 011-81-466-46-7368  (If in Japan, 0466-46-7368)
Professorial home page http://www.sfc.keio.ac.jp/~ted/ 
_____________________________________________________
Permanent: Project Xanadu, 3020 Bridgeway #295, Sausalito CA 94965
 Tel. 415/ 331-4422, fax 415/332-0136  
http://www.xanadu.net
PERMANENT E-MAIL: ted@xxxxxxxxxx
_____________________________________________________
Quotation of the day, 98.10.08:
"The technical difference between a language and a dialect: a language is a
dialect with an army."  --Author unknown 
"The technical difference between a religion and a cult: a religion is a
cult with downtown lawyers."  TN89

Follow-Ups:
- Re: :zz: Security risk? US? MOI??
  - From: Andrew Pam

References:
- Re: [zzdev] Re: [zzdev] File extension: fly in ointment
  - From: Gossamer
- File extension?
  - From: Gossamer
- Re: [zzdev] File extension?
  - From: Andrew Pam
- Re: [zzdev] File extension: fly in ointment
  - From: Ted Nelson
- Re: [zzdev] Re: [zzdev] Re: [zzdev] File extension: fly in ointment
  - From: Andrew Pam

Prev by Date: Re: [zzdev] Re: [zzdev] :zz: Huh? HQ raster?
Next by Date: R :zz: Huh? HQ raster?
Previous by thread: Re: [zzdev] Re: [zzdev] Re: [zzdev] File extension: fly in ointment
Next by thread: Re: :zz: Security risk? US? MOI??
Index(es):