On Wed, 2007-04-11 at 07:46 -0700, Kees Cook wrote:
On Tue, Apr 10, 2007 at 11:12:17PM -0700, Ted Gould wrote:
Cool, thanks Kees. Now do you have to write up an exploit for this? ;)
Heh, nah; currently it is only "exploitable" by people typing stuff into parameter windows or making their own evil .inx files. If anyone wants to hack themselves, I don't want to stand in the way. :)
But, going forward, it should be fixed in case extension scripts become easier to 'share' in the future, etc etc.
Okay, the only reason I was curious is because users can install extensions in their home directory and Inkscape will pick them up. They would still have to download it, so I guess the worst case is some sort of trojan horse type thing where a potentially malicious extension is advertised as being really useful.
--Ted