VMD-L Mailing List

From: Olaf Lenz (olenz_at_icp.uni-stuttgart.de)
Date: Wed Feb 19 2014 - 06:01:26 CST

Next message: Olaf Lenz: "Re: Security problem?"
Previous message: Josh Vermaas: "Re: coordinates: visual and in-file"
Next in thread: Cosseddu, Salvatore: "RE: Security problem?"
Reply: Cosseddu, Salvatore: "RE: Security problem?"
Reply: John Stone: "Re: Security problem?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi everybody!

I have just noticed that VMD will automatically read and play the file
".vmdrc" in the current directory.
I believe that this is a significant security hole. If a user puts a
malicious Tcl script ".vmdrc" into a directory where someone else executes
vmd, the script is executed. Ultimately, this is the same reason, why "."
is not in the PATH.

http://superuser.com/questions/156582/why-is-not-in-the-path-by-default

I would strongly recommend to remove this behavior, or at least make it
configurable via an environment variable or so.

Olaf

-- 
Dr. rer. nat. Olaf Lenz
Institut für Computerphysik, Allmandring 3, D-70569 Stuttgart
Phone: +49-711-685-63607

Next message: Olaf Lenz: "Re: Security problem?"
Previous message: Josh Vermaas: "Re: coordinates: visual and in-file"
Next in thread: Cosseddu, Salvatore: "RE: Security problem?"
Reply: Cosseddu, Salvatore: "RE: Security problem?"
Reply: John Stone: "Re: Security problem?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Home

Overview

Publications

Research

Software

VMD Molecular Graphics Viewer

NAMD Molecular Dynamics Simulator

BioCoRE Collaboratory Environment

MD Service Suite

Structural Biology Software Database

Computational Facility

Outreach

VMD-L Mailing List