
(mgp-users 00430) Re: troyans in mgp !



Eduardo Pérez Ureta wrote:
> 
> Hello mgp users !
> 
> I was looking at mgp and found a Microsoft "feature"
> 
> Did you know that the commands "%filter", "%system" and "%xsystem"
> can execute commands without your consent?
> 
> These commands can execute a possible virus or Trojan embedded in the file.
> 
> This is DANGEROUS. Because a user could load a presentation from the Internet and load a virus in his account (more dangerous if he's root).
> 
> I've seen many mgp presentations (it's an excellent tool) but this "feature" should be removed. After all I've never seen any presentation using these commands.
> 
> If you don't remove this "feature" it should be documented in the documentation.
> 
> If any of the main authors read this message it would be great to know his opinion (directly to my e-mail).
> 
>                 Eduardo Pérez Ureta
> 
> --

Doing a presentation as root is a serious risk, but why should I do it?
And I strongly disagree with the use of the words "Microsoft feature".
AFAIK in PowerPoint I cannot include output from system routines and/or
other programs at runtime. In my case, I include a chemistry displaying
program itself in my presentation in order to interactively manipulate
the molecule while the presentation is shown. For this to do in MSWin I
had to switch applications by CTRL-TAB, so mgp is much better in
this case, since I additionally can include text and other pictures on
the same page together with the external program output. In short: I
NEED this feature.

And, may I be allowed to ask why somebody should download a presentation
from the Internet and immediately use it without first evaluating the
contents? I make my presentations by myself, and if not, I will first
take a close look at the document itself.

But, as an idea, probably a switch can be included in order to determine
if the user allows the execution of "system/filter" requests ("This
document contains SYSTEM requests. Should they be activated?"), together
with a command line option.

As a quick test for now, a fast "grep system/filter" should also help to
determine the risk taken using a foreign presentation.

Just my opinion,

Bernhard
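
The quick grep test suggested in the reply above, written out as an added example (it is not part of either message and is not MagicPoint code). It assumes that control lines start with "%", that "%%" starts a comment, and that one control line can hold several comma-separated directives; the function names and the sample presentation are constructed for illustration, and matching is case-insensitive so that it over-reports rather than misses a directive.

```shell
#!/bin/sh
# Flag MagicPoint control lines that would run an external command.
# Assumed syntax (not stated in the thread): "%" starts a control line,
# "%%" starts a comment, directives on one line are comma-separated.

# Keyword at the start of a control line, or right after a comma on one.
MGP_EXEC_RE='^%([^%].*,)?[[:space:]]*(system|xsystem|filter)([[:space:]]|$)'

# mgp_exec_lines FILE... -> prints "file:line:text" for every hit.
# Exit status is grep's: 0 = hits, 1 = none, 2 = read error.
mgp_exec_lines() {
    grep -HniE "$MGP_EXEC_RE" -- "$@"
}

# mgp_count FILE -> number of control lines carrying such a directive.
mgp_count() {
    grep -ciE "$MGP_EXEC_RE" -- "$1" || :
}

# mgp_check FILE -> 0 if clean, 1 if directives were found, 2 if unreadable.
mgp_check() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if mgp_exec_lines "$1"; then
        echo "$1: runs external commands, review before opening" >&2
        return 1
    fi
    return 0
}

# Constructed sample presentation, for trying the functions offline.
mgp_sample() {
cat <<'EOF'
%page
Molecule viewer
%center, xsystem "xeyes"
%filter "date"
%endfilter
%% system "this line is a comment"
The word system in body text is harmless
%size 5, fore "white"
%system "uname -a"
EOF
}
```

A plain `grep system` would also hit the comment and the body text in the sample, while anchoring on `^%system` alone would miss the directive that follows `%center,`.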