Security manager bug (?)

[Vyper]

Originally Posted by Shirik You do realize you're talking to one of the two people that monitors incoming executable files at WoWInterface, right? I'm the one that disassembles them and determines their safety (and yes, I have found things others have missed, for example that one famous executable that waited 30 minutes before sending information off, avoiding detection by others -- I was the one that said "It may look safe, but something doesn't seem right about this code" ... and sure enough I was right ) In any case, while I might agree Java is fairly trivial to disassemble, I'm one that argues so is any other language. Do you really think you'll take the time and effort to go look into a module before installing it?

Well no, as a general rule I wouldn't.... but now that you've made it a challenge..... ;-)

Your no doubt much better at such things than me, if you feel assembly is easy to reverse. Admittedly, I've only tried it a few times when I was teaching myself from a book, so it's not something I've ever practiced, but I find it quite difficult to keep track of everything on that low a level. Java-byte code on the other hand is kind enough to maintain a lot of the original programs structure. Make is much easier for sissy amatuers like me

Originally Posted by Cairenn If you do a search for a module and see "WoWInterface Minion Module" on ihaxoru.com, it might not be the best place to get it from.

You mean, the version from that site doesn't contain the all exclusive iWIN button? Oh my.... I think I made a boo boo.

[Elhana]

Originally Posted by Cairenn My view on it is pretty easy - Do you trust the site that you are getting the module for? Are you getting it from a reputable site (either their own site or here)? If the answer to both of those is "yes", then what's the problem? If the answer to either of them is "no", then why the hell are you downloading and installing it in the first place? If you do a search for a module and see "WoWInterface Minion Module" on ihaxoru.com, it might not be the best place to get it from. Only use modules from sites you trust. Only get modules from official sites. In three simple words: "Don't be dumb."

Ok, If we are back to a point where users have to decide if they trust a module source I got a simple question following - Why is security manager is there in the first place?
I might aswell go further and ask why someone should trust a closed source updater, but I expect the answer for a first question atleast.

[dewin]

Quote doesn't quote nested quotes properly so here's my attempt at recreating it

Originally Posted by Vyper [...] Interface/ and WTF/Account This would also probably work, but would be tougher as some have multiple accounts.

[/quote]

WTF/Account has all of the account folders. You're thinking WTF/Account/ACCOUNTNAME

However, this doesn't really help as it still gives the account name (via the directory name) -- but Blizzard accounts would be protected, since the account name isn't what you use to log in with.

Furthermore, there's a small but legitimate case for some all-in-one UI UI setups that might actually modify config.wtf to set video options, etc.

I do think the default minion privileges should be something like:
path/to/wow - Read only
path/to/wow/interface, path/to/wow/wtf - Read/write

instead of the current read/write in the core wow folder.

Think about it: Right now, the MMOUI module could replace your WoW.exe with something more sinister.