[PD] [file]

IOhannes m zmoelnig zmoelnig at iem.at
Tue Aug 31 13:05:06 CEST 2021


On 8/31/21 12:38 PM, Ingo Stock wrote:
> Looks great!
> 
> Has this any security implications?

sure.
if the user is allowed to overwrite "C:\Windows\system32\rundll32.exe" 
they could inject malicious code.
or delete that file.

however, if they are allowed to overwrite that file, they can already 
replace it with the contents of a WAV-file to bork the system.

so I don't think there are additional security implications¹.

>  Could this be used to attack other
> computers?

*other* computers?
no, not really.
it provides an interface to your filesystem.
unless your filesystem lives on other computers, i don't see how you 
could impact them.

gfmasdr
IOhannes

¹ i wonder whether it would be possible (with Pd>=0.42) to create a 
patch that creates a gui-plugin on the fly.
if this is true, then you can already do everything that [file] allows 
you to do - and much more.

gfmadsr
IOhannes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20210831/08e08f3f/attachment.sig>


More information about the Pd-list mailing list