[texworks] Script: Questions about the API
Paul A Norman
paul.a.norman at gmail.com
Wed Apr 14 01:43:38 CEST 2010
I can see the need to be a little bit careful, if the user didn't
watch what they were doing (especially someone supplying scripts to
users who otherwise have no scripting knowledge) bad stuff could
happen to other files especially in Windows many flavours of which
have few permission safeguards - and whcih for practical resons many
users run in Administrator mode..
But it could be lnked to allowing Scripts to run system commands check
box under preferences?
Paul
On 14 April 2010 01:49, T T <t34www at googlemail.com> wrote:
> On 13 April 2010 07:06, Stefan Löffler <st.loeffler at gmail.com> wrote:
>> If you can write arbitrary data to arbitrary positions on the
>> disk, this can be pretty serious security vulnerability.
>
> Why? The extension script will not get more permissions than the
> program (process) in which it runs and I see no reason why it should
> have less permissions. After all, extension scripts are logically a
> part of an application and not a part of a document as in case of,
> say, html and browsers.
>
> Cheers,
>
> Tomek
>
>
More information about the texworks
mailing list