(mgp-users 00430) Re: troyans in mgp !
- To: mgp-users@mew.org
- Subject: (mgp-users 00430) Re: troyans in mgp !
- From: bernhard.eck@ac.rwth-aachen.de
- Date: Mon, 13 Nov 2000 18:47:20 +0900
- Posted: Mon, 13 Nov 2000 11:50:40 +0100
- References: <>
- Reply-to: bernhard.eck@ac.rwth-aachen.de
- Sender: bernhard@nets5.rz.rwth-aachen.de
Eduardo Pérez Ureta wrote:
>
> Hello mgp users!
>
> I was looking at mgp and found a Microsoft "feature"
>
> Did you know that the commands "%filter" and "%system" and "%xsystem"
> can execute commands without your consent?
>
> These commands can execute a possible virus or Trojan embedded in the file.
>
> This is DANGEROUS, because a user could load a presentation from the Internet and load a virus in his account (more dangerous if he's root).
>
> I've seen many mgp presentations (it's an excellent tool) but this "feature" should be removed. After all, I've never seen any presentation using these commands.
>
> If you don't remove this "feature", it should be documented in the documentation.
>
> If any of the main authors read this message, it would be great to know his opinion (directly to my e-mail).
>
> Eduardo Pérez Ureta
>
> --
Doing a presentation as root is a serious risk, but why should I do it?
And I strongly disagree with the use of the word "Microsoft feature".
AFAIK in PowerPoint I cannot include output from system routines and/or
other programs at runtime. In my case, I include a chemistry displaying
program itself in my presentation in order to interactively manipulate
the molecule while the presentation is shown. To do this in MSWin I
had to switch applications by CTRL-TAB, so mgp is much better in
this case, since I can additionally include text and other pictures on
the same page together with the external program output. In short: I
NEED this feature.
And, may I be allowed to ask why somebody should download a presentation
from the Internet and immediately use it without first evaluating the
contents? I make my presentations myself, and if not, I will first
take a close look at the document itself.
But, as an idea, probably a switch can be included in order to determine
if the user allows the execution of "system/filter" requests ("This
document contains SYSTEM requests. Should they be activated?"), together
with a command line option.
As a quick test for now, a fast "grep system/filter" should also help to
determine the risk taken using a foreign presentation.
Just my opinion,
Bernhard
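
The quick grep test suggested in the reply above, made a little stricter so that comments and ordinary slide text containing the word "system" are not reported. This is an added example, not part of the original message or of mgp. It assumes that mgp directive lines start with `%`, that one line may carry several comma-separated directives, and that `%%` begins a comment line; `scan_mgp`, `write_sample` and the sample presentation are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of mgp. Assumed mgp syntax: directive lines
# start with '%', one line may carry several comma-separated directives,
# and '%%' begins a comment line.

# scan_mgp FILE: print "lineno:line" for every directive line that
# requests system, xsystem or filter; return 1 if any were found.
scan_mgp() {
    awk '
        /^%%/ { next }                      # comment, nothing executes
        /^%/ {
            n = split(substr($0, 2), parts, ",")
            for (i = 1; i <= n; i++) {
                d = parts[i]
                sub(/^[ \t]+/, "", d)       # directive after a comma
                # Commas inside quoted arguments can over-report; for a
                # pre-open check that is the safe direction to err.
                if (d ~ /^(system|xsystem|filter)([ \t"]|$)/) {
                    printf "%d:%s\n", NR, $0
                    hits++
                    break                   # report each line once
                }
            }
        }
        END { exit (hits > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed sample presentation (not a real file from the list).
write_sample() {
    cat > "$1" <<'EOF'
%page
%% system "this is only a comment"
%size 7, fore "white"
Operating system overview
%center, xsystem "xeyes -geometry %50x20+25+60"
%filter "rev"
some text
%endfilter
%system "date"
EOF
}

sample=$(mktemp)
write_sample "$sample"
scan_mgp "$sample" || echo "external commands present: review before opening"
rm -f "$sample"
```

On the constructed sample this reports lines 5, 6 and 9, and skips the comment on line 2 and the slide text on line 4 that a plain `grep system` would also match.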