LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Pyspread and security

Pyspread and security

Posted Dec 3, 2009 16:36 UTC (Thu) by mrshiny (subscriber, #4266)
In reply to: Pyspread and security by james
Parent article: Pyspread - a Python-based Spreadsheet application

Exactly. Microsoft learned this lesson painfully over many years through macro viruses. Now macros (that is, embedded code in documents) are turned off by default and certain dangerous operations are disabled unless the macros are signed.

Pyspread is no different from Excel or even web pages in this regard in that it will need to sandbox and control what scripts can do in order to provide security for the user. Sure, a pyspread file can only hurt the files I have access to, but on my single-user system that's all my data, including my pgp keys, photo library, email contact list... etc. Proper restrictions are critical.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds