[Date Prev][Date Next][Thread Prev][Thread Next][Author Index][Date Index][Thread Index]

:zz: Security risk? US? MOI??

WOOPS!  Gee, Andrew,

I didn't realize we were a security risk.  I thought we were
 always running in user spaces which had limited privileges.
 And that while a master copy resides in system space somewhere,
 it just got copied into user space prior to execution.

You mean a Perl program could break out of a user's
 low-privileged space ?-(

Best, T

At 05:06 PM 10/8/98 +1000, you wrote:
>On Tue, Oct 06, 1998 at 02:45:16PM +1000, Gossamer wrote:
>> Ted Nelson wrote:
>> > Unforch CNS say they don't want ZZ files to open
>> >  automatically from the whatchamacallit table.
>> >  Say it's a security risk.
>> Umm, xanni, can you translate this?  :)
>Yeah, I can see why they feel that way.  Since zigzag cells can contain
>perl code which can do anything the user can do, it would be trivial to
>write trojans using zigzag that would do almost anything malicious when
>certain cells were executed.  Of course, users should probably look at
>the cell contents before executing them.  Since Zigzag doesn't execute
>any cell contents automatically at present, only when requested by the
>user, this is not a severe risk as it is with MS Word or Excel.
>	*** Xanni ***
>mailto:xanni@xxxxxxxxxx                         Andrew Pam
>http://www.xanadu.com.au/                       Technical VP, Xanadu
>http://www.glasswings.com.au/                   Technical Editor, Glass Wings
>http://www.sericyb.com.au/sc/                   Manager, Serious Cybernetics
>P.O. Box 26, East Melbourne VIC 8002 Australia  Phone +61 3 96511511
Theodor Holm Nelson, Visiting Professor of Environmental Information
 Keio University, Shonan Fujisawa Campus, Fujisawa, Japan
 Home Fax from USA: 011-81-466-46-7368  (If in Japan, 0466-46-7368)
Professorial home page http://www.sfc.keio.ac.jp/~ted/ 
Permanent: Project Xanadu, 3020 Bridgeway #295, Sausalito CA 94965
 Tel. 415/ 331-4422, fax 415/332-0136  
PERMANENT E-MAIL: ted@xxxxxxxxxx
Quotation of the day, 98.10.08:
"The technical difference between a language and a dialect: a language is a
dialect with an army."  --Author unknown 
"The technical difference between a religion and a cult: a religion is a
cult with downtown lawyers."  TN89