VMD-L Mailing List
From: Olaf Lenz (olenz_at_icp.uni-stuttgart.de)
Date: Wed Feb 19 2014 - 06:01:26 CST
- Next message: Olaf Lenz: "Re: Security problem?"
- Previous message: Josh Vermaas: "Re: coordinates: visual and in-file"
- Next in thread: Cosseddu, Salvatore: "RE: Security problem?"
- Reply: Cosseddu, Salvatore: "RE: Security problem?"
- Reply: John Stone: "Re: Security problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Hi everybody!
I have just noticed that VMD will automatically read and play the file
".vmdrc" in the current directory.
I believe that this is a significant security hole. If a user puts a
malicious Tcl script ".vmdrc" into a directory where someone else executes
vmd, the script is executed. Ultimately, this is the same reason, why "."
is not in the PATH.
http://superuser.com/questions/156582/why-is-not-in-the-path-by-default
I would strongly recommend to remove this behavior, or at least make it
configurable via an environment variable or so.
Olaf
-- Dr. rer. nat. Olaf Lenz Institut für Computerphysik, Allmandring 3, D-70569 Stuttgart Phone: +49-711-685-63607
- Next message: Olaf Lenz: "Re: Security problem?"
- Previous message: Josh Vermaas: "Re: coordinates: visual and in-file"
- Next in thread: Cosseddu, Salvatore: "RE: Security problem?"
- Reply: Cosseddu, Salvatore: "RE: Security problem?"
- Reply: John Stone: "Re: Security problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]