Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ncar!tank!eecae!netnews.upenn.edu!grad2.cis.upenn.edu!ranjit
From: ranjit@grad2.cis.upenn.edu (Ranjit Bhatnagar)
Newsgroups: comp.sys.amiga.tech
Subject: Re: Another 1.4 Request: Secure AREXX
Message-ID: <15134@netnews.upenn.edu>
Date: 5 Oct 89 05:14:57 GMT
References: <15071@netnews.upenn.edu> <4276@sugar.hackercorp.com>
Sender: news@netnews.upenn.edu
Reply-To: ranjit@grad2.cis.upenn.edu.UUCP (Ranjit Bhatnagar)
Organization: University of Pennsylvania
Lines: 34

In article <4276@sugar.hackercorp.com> peter@sugar.hackercorp.com (Peter da Silva) writes:
>> So, Commodore, you're gonna put AREXX in 1.4, eh? Soon the place
>> will be crawling with scripts, and some of them will be simple
>> viruses or booby traps. That was one of the objections that I
>> brought up to my idea of symbolic links to REXX scripts.
>
>How does this differ from all the programs, device drivers, handlers, and
>libraries already crawling all over the place?

I brought up that point in my original article. Couldn't hurt to read
the whole thing. In more depth:

1- arexx makes it possible for all sorts of things to happen without
   the user's direct request or knowledge, and can make the consequences
   of previously harmless actions be harmful or unexpected.

   Example: macros for DME. Before AREXX, the only way a DME macro
   could do any damage was to, for instance, save an empty buffer on
   top of a file. With AREXX, a DME macro can do anything. Joe Casual
   User (JCU) downloads a new set of macros from a bulletin board,
   thinking that at least editor macros can't be booby trapped...

2- why the heck NOT add some protection. It's possible, and not too
   hard. Handy for programmers too, during testing stages.

3- it's all moot, anyway. The earth is in a cloud of asteroids; one
   of these days we'll be blown away.

"Trespassers w"   ranjit@eniac.seas.upenn.edu   mailrus!eecae!netnews!eniac!...
"Such a brute that even his shadow breaks things." (Lorca)