VMD-L Mailing List
From: Olaf Lenz (olenz_at_icp.uni-stuttgart.de)
Date: Wed Feb 19 2014 - 06:01:26 CST
I have just noticed that VMD will automatically read and play the file
".vmdrc" in the current directory.

I believe that this is a significant security hole. If a user puts a
malicious Tcl script ".vmdrc" into a directory where someone else executes
vmd, the script is executed. Ultimately, this is the same reason why "."
is not in the PATH.

I would strongly recommend removing this behavior, or at least making it
configurable via an environment variable or so.
--
Dr. rer. nat. Olaf Lenz
Institut für Computerphysik, Allmandring 3, D-70569 Stuttgart
Phone: +49-711-685-63607
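
A defensive check for the behavior described in this message, as an added example that is not part of the original post or of VMD: before VMD is started in a directory, it verifies that any ".vmdrc" there is a regular file owned by the invoking user and not writable by group or others. The helper names `vmdrc_check` and `vmd_guarded` are hypothetical.

```shell
# Added example: audit a directory's .vmdrc before starting VMD there.
# vmdrc_check and vmd_guarded are hypothetical helper names, not part of VMD.

# Return 0 if starting VMD in DIR would not pick up a startup script that
# someone else could have planted or could modify; return 1 otherwise.
vmdrc_check() {
    dir=${1:-.}
    rc="$dir/.vmdrc"

    # A symlink can point at a file controlled by someone else: refuse.
    if [ -L "$rc" ]; then
        echo "refusing: $rc is a symbolic link" >&2
        return 1
    fi
    # No startup script in this directory: nothing to auto-execute from here.
    [ -e "$rc" ] || return 0
    if [ ! -f "$rc" ]; then
        echo "refusing: $rc is not a regular file" >&2
        return 1
    fi
    # Must be owned by the user who is about to run VMD.
    if [ ! -O "$rc" ]; then
        echo "refusing: $rc is owned by another user" >&2
        return 1
    fi
    # Must not be writable by group or others (ls mode string, chars 6 and 9).
    mode=$(ls -ld -- "$rc" | cut -c1-10)
    case $mode in
        ?????w*|????????w*)
            echo "refusing: $rc is group- or world-writable ($mode)" >&2
            return 1 ;;
    esac
    return 0
}

# Start VMD only when the current directory passes the check.
vmd_guarded() {
    vmdrc_check . || return 1
    command vmd "$@"
}
```

Sourcing this file and calling `vmd_guarded` in place of `vmd` applies the check to shared or world-writable working directories.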