I *really* don't like the way blackbox runs arbitrary shell commands in
themes.

There should be a standard way to set backgrounds that doesn't involve
the shell commands.

Exploit:

Malicious themes could contain nasty commands like: rootCommand: rm -rf
$HOME and the like.

Imagine if blackbox is run as root, and you have a theme that contains
stuff like rootCommand: echo
"root:crypt-password:0:0:root:/root:/bin/bash" >>/etc/passwd; bsetroot
<normal stuff>

And they wouldn't know what hit 'em because everything will appear
normal, and the bg will be set.

Note that I haven't bothered to test these.


        __  __  
  ___ _/ /_/ /__
 / _ `/ __/  '_/
 \_, /\__/_/\_\  Geir Torstein Kristiansen
/___/--------------------------------------
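
An added example, not part of the original message or of blackbox: a small audit script that flags any rootCommand line in a theme file that does more than call a background setter. It assumes the `rootCommand:` key appears exactly as written in the post and that bsetroot is the only program expected there; the sample theme is constructed.

```python
import re
import shlex

# Assumption: only bsetroot (the setter named in the post) is expected here.
ALLOWED_PROGRAMS = {"bsetroot"}
# Characters that let one rootCommand line chain, redirect or substitute commands.
SHELL_META = re.compile(r"[;&|<>`$(){}\\]")
ROOT_CMD = re.compile(r"^\s*rootCommand\s*:\s*(.*)$")

# Constructed sample: one ordinary entry and two that should be flagged.
SAMPLE_THEME = """\
toolbar.color: grey20
rootCommand: bsetroot -solid black
rootCommand: rm -rf $HOME
rootCommand: bsetroot -solid black; touch /tmp/marker
"""


def audit_theme(text):
    """Return (line_no, command, reasons) for every suspicious rootCommand."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = ROOT_CMD.match(line)
        if not match:
            continue
        cmd = match.group(1).strip()
        reasons = []
        if SHELL_META.search(cmd):
            reasons.append("shell metacharacter")
        try:
            argv = shlex.split(cmd)
        except ValueError:
            argv = []
            reasons.append("unbalanced quoting")
        # Compare the bare name: a path such as /tmp/bsetroot is not trusted.
        prog = argv[0] if argv else ""
        if prog not in ALLOWED_PROGRAMS:
            reasons.append(f"unexpected program {prog!r}")
        if reasons:
            findings.append((line_no, cmd, reasons))
    return findings


if __name__ == "__main__":
    for line_no, cmd, reasons in audit_theme(SAMPLE_THEME):
        print(f"line {line_no}: {cmd}  [{', '.join(reasons)}]")
```

Running it over a theme before installing it shows the lines that would need a manual look; an empty result means every rootCommand is a plain bsetroot call.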
