Quoting Kevin Cozens <ke...@ve3syb.ca>:
> Um... no. The "system" function was deliberately left out of the portion of
> tsx I included with Script-Fu. Few people would need it and it is just too
> dangerous to have available in all GIMP installs. It would allow creation of
> trojan scripts that could do damage to a computer.
> On the other hand, the Perl, Python, and Ruby language bindings can issue
> system commands so malware scripts are already possible but not every GIMP
> install can use those other language bindings "out of the box".
> We need to think a little about this before going ahead and enabling a
> function that would allow system calls to be used in scripts that could be
> run on any machine with GIMP.

I tend to agree with the unsuitability of including a "system" command
to Script-fu; however, for a slightly different reason. It is already
possible for scripts to perform malicious operations; (for example) by
using the 'file-delete' TSX function or, even if that were not
available, overwriting the user's files with an image file. The latter
approach is available through the PDB itself and I don't think
protection from it could be provided without severely crippling

Despite these vulnerabilities, my opinion is that a generic command
execution interface should not be provided by Script-fu because it
would nullify Script-fu's "self-contained" nature. Knowing that any
Script-fu .scm file can run on any deployment of GIMP (barring version
differences) without any dependence upon any outside resources is to
my mind a VERY desirable feature and this feature should not be

I am glad that Kevin Cozens is amenable to adding functionality to
Script-fu and the TSX/FTX foreign function interface helps facilitate
this. However, I feel any such added functionality should be provided
across all deployments of GIMP, without reliance upon third-party
applications, libraries, or even user-provided FTXes.
Gimp-developer mailing list