[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]

:zz: Security risk? PS--

To: zzdev@xxxxxxxxxx
Subject: :zz: Security risk? PS--
From: Ted Nelson <ted@xxxxxxxxxx>
Date: Thu, 08 Oct 1998 20:51:23 +0900
Cc: ted@xxxxxxxxxxxxxx
Reply-to: zzdev@xxxxxxxxxx

So how come it's more of a security risk
 when it's loaded from a CNS copy than if I
 download it and run it on CNS myself?  Huh?  Huh ?-)

ChrzT



>WOOPS!  Gee, Andrew,
>
>I didn't realize we were a security risk.  I thought we were
> always running in user spaces which had limited privileges.
> And that while a master copy resides in system space somewhere,
> it just got copied into user space prior to execution.
>
>You mean a Perl program could break out of a user's
> low-privileged space ?-(
>
>Best, T
>
>
>At 05:06 PM 10/8/98 +1000, you wrote:
>>On Tue, Oct 06, 1998 at 02:45:16PM +1000, Gossamer wrote:
>>> Ted Nelson wrote:
>>> > Unforch CNS say they don't want ZZ files to open
>>> >  automatically from the whatchamacallit table.
>>> >  Say it's a security risk.
>>> 
>>> Umm, xanni, can you translate this?  :)
>>
>>Yeah, I can see why they feel that way.  Since zigzag cells can contain
>>perl code which can do anything the user can do, it would be trivial to
>>write trojans using zigzag that would do almost anything malicious when
>>certain cells were executed.  Of course, users should probably look at
>>the cell contents before executing them.  Since Zigzag doesn't execute
>>any cell contents automatically at present, only when requested by the
>>user, this is not a severe risk as it is with MS Word or Excel.
>>
>>Cheers,
>>	*** Xanni ***
>>-- 
>>mailto:xanni@xxxxxxxxxx                         Andrew Pam
>>http://www.xanadu.com.au/                       Technical VP, Xanadu
>>http://www.glasswings.com.au/                   Technical Editor, Glass
Wings
>>http://www.sericyb.com.au/sc/                   Manager, Serious Cybernetics
>>P.O. Box 26, East Melbourne VIC 8002 Australia  Phone +61 3 96511511
>>
>>
____________________________________________________
Theodor Holm Nelson, Visiting Professor of Environmental Information
 Keio University, Shonan Fujisawa Campus, Fujisawa, Japan
 Home Fax from USA: 011-81-466-46-7368  (If in Japan, 0466-46-7368)
Professorial home page http://www.sfc.keio.ac.jp/~ted/ 
_____________________________________________________
Permanent: Project Xanadu, 3020 Bridgeway #295, Sausalito CA 94965
 Tel. 415/ 331-4422, fax 415/332-0136  
http://www.xanadu.net
PERMANENT E-MAIL: ted@xxxxxxxxxx
_____________________________________________________
Quotation of the day, 98.10.08:
"The technical difference between a language and a dialect: a language is a
dialect with an army."  --Author unknown 
"The technical difference between a religion and a cult: a religion is a
cult with downtown lawyers."  TN89

Follow-Ups:
- Re: :zz: Security risk? PS--
  - From: Andrew Pam

Prev by Date: :zz: I haven't tried 0.54 yet
Next by Date: Re: :zz: Huh? HQ raster?
Previous by thread: :zz: GOOD AND BAD NEWS about editing ZZ at Keio
Next by thread: Re: :zz: Security risk? PS--
Index(es):