On Mon, Feb 7, 2011 at 1:24 PM, Alexia Death <alexiade...@gmail.com> wrote:
> On Mon, Feb 7, 2011 at 4:12 PM, Rob Antonishen <rob.antonis...@gmail.com> 
> wrote:
>> In particular, (system command) would be real handy.
>
> It would also make gimp scripts easily exploitable for abuse on the
> system, like exectuting malware.
>


Well.. since we never put a single thought in hardening script-fu
scripts against being "explotable for abuse" - then it is all for the
better that the possibilities are explicit, and available for users.


It is clear that running a complete-featured language program wihtout
a carelfully constructed sandbox environment pretty much gives the
script access to all resources the user runningt he script has. It is
hard to make it otherwise in specific environments to avoid that - so
I think this  is a non-issue.


Note that I still advice anyone trying more sophisticated scripts to
do so in Python, but I see no point in artificially restricting
tiny-fu.

   js
  -><-
> --
> --Alexia
> _______________________________________________
> Gimp-developer mailing list
> Gimp-developer@lists.XCF.Berkeley.EDU
> https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer
>
_______________________________________________
Gimp-developer mailing list
Gimp-developer@lists.XCF.Berkeley.EDU
https://lists.XCF.Berkeley.EDU/mailman/listinfo/gimp-developer

Reply via email to