Re: I've never felt so angry!
@46, I must disagree on "crap logic". Why would someone download a .py file (containing whatever they like) and call Python's exec() function on it? Why would a hobbyist project even want to do such a thing when the alternative, doing auto-updates the normal way, is better?
Doing this the way he did it is incredibly fishy, Defender. This is not mob mentality -- its downright dangerous programming. By using such a coding methodology, he is creating a shell, for lack of a better word, that downloads something (over an insecure connection, no less) and immediately executes it. That allows him to do whatever he pleases, and the user won't even know what happens because the applications behavior is now unpredictable. He literally could do anything so long as it doesn't require administrative rights, and that is * a lot*.
There are varying uses of exec() in the wild; one of them is config file code execution. But this is usually handled very carefully (considering the sheer level of danger you introduce). Careful steps have to be taken when implementing something like this. The author of multi-extra did not do any of these things. And the way the code is written, coupled with the fishy things he's done in the passed, makes this look very suspicious and deliberate.
-- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
