[texworks] Script: Questions about the API
t34www at googlemail.com
Tue Apr 13 15:49:09 CEST 2010
On 13 April 2010 07:06, Stefan Löffler <st.loeffler at gmail.com> wrote:
> If you can write arbitrary data to arbitrary positions on the
> disk, this can be pretty serious security vulnerability.
Why? The extension script will not get more permissions than the
program (process) in which it runs and I see no reason why it should
have less permissions. After all, extension scripts are logically a
part of an application and not a part of a document as in case of,
say, html and browsers.
More information about the texworks