[REBOL] Re: [The Gimp] clashes with REBOL on Windows 2000
From: brian:hawley at: 9-May-2004 15:15
Hi Anton,
I just ran REBOL/View from my REBOL home directory to test the
default install behavior. I was able to rename rebol.exe to
another file name (blah.bak) and then write out a random file
downloaded from a remote web site to a file named rebol.exe .
You don't have to delete the file for this exploit to work.
This is a major security hole. And yes, I was on Windows XP.
Keep in mind that I was running in the console though. Scripts
started from the REBOL desktop are sandboxed in their folders
under public, so it's not as bad as it could be. View scripts
started from the desktop actually need Pro or Command features
to do more than fill your hard drive; with Library support or
call enabled all bets are off though.
Brian Hawley
At 12:18 AM 5/10/04 +1000, you wrote: