On 8/31/21 12:38 PM, Ingo Stock wrote:
Looks great!Has this any security implications?
sure.if the user is allowed to overwrite "C:\Windows\system32\rundll32.exe" they could inject malicious code.
or delete that file.however, if they are allowed to overwrite that file, they can already replace it with the contents of a WAV-file to bork the system.
so I don't think there are additional security implications¹.
Could this be used to attack other computers?
*other* computers? no, not really. it provides an interface to your filesystem.unless your filesystem lives on other computers, i don't see how you could impact them.
gfmasdr IOhannes¹ i wonder whether it would be possible (with Pd>=0.42) to create a patch that creates a gui-plugin on the fly. if this is true, then you can already do everything that [file] allows you to do - and much more.
gfmadsr IOhannes
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ [email protected] mailing list UNSUBSCRIBE and account-management -> https://lists.puredata.info/listinfo/pd-list
