Quoting Kevin Cozens <ke...@ve3syb.ca>:

> Um... no. The "system" function was deliberately left out of the portion of
> tsx I included with Script-Fu. Few people would need it and it is just too
> dangerous to have available in all GIMP installs. It would allow creation of
> trojan scripts that could do damage to a computer.
> On the other hand, the Perl, Python, and Ruby language bindings can issue
> system commands so malware scripts are already possible but not every GIMP
> install can use those other language bindings "out of the box".
> We need to think a little about this before going ahead and enabling a
> function that would allow system calls to be used in scripts that could be
> run on any machine with GIMP.

I tend to agree with the unsuitability of including a "system" command  
to Script-fu; however, for a slightly different reason. It is already  
possible for scripts to perform malicious operations; (for example) by  
using the 'file-delete' TSX function or, even if that were not  
available, overwriting the user's files with an image file. The latter  
approach is available through the PDB itself and I don't think  
protection from it could be provided without severely crippling  

Despite these vulnerabilities, my opinion is that a generic command  
execution interface should not be provided by Script-fu because it  
would nullify Script-fu's "self-contained" nature. Knowing that any  
Script-fu .scm file can run on any deployment of GIMP (barring version  
differences) without any dependence upon any outside resources is to  
my mind a VERY desirable feature and this feature should not be  

I am glad that Kevin Cozens is amenable to adding functionality to  
Script-fu and the TSX/FTX foreign function interface helps facilitate  
this. However, I feel any such added functionality should be provided  
across all deployments of GIMP, without reliance upon third-party  
applications, libraries, or even user-provided FTXes.

Gimp-developer mailing list

Reply via email to