Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MIME question...

From: doug () Eng Auburn EDU (Doug Hughes)
Date: Fri, 17 Mar 1995 14:34:57 -0600 (CST)

On Fri, 17 Mar 1995, robert owen thomas wrote:


has anyone on this list heard of an "auto-execute MIME extension"?  is
this an issue?  the question arose when i doubted the likelihood of
a "virus" being launched via reading an e-mail message.

your thoughts?
--

o robert owen thomas: Unix consultant. MAILER-DAEMON. user scratching post. o
o         e-mail: rthomas () pamd cig mot com --or-- robt () cymru com            o
o                  vox: 708.632.5768  fax: 708.632.5694                     o
o                -- System Administrator's Dictionary --                    o
o    user (you'zer) n. 1 A waste of system resources; an unwanted load      o
o    on the processor(s) of a Unix system. 2 Someone who uses Caps Lock.    o



Sure, you should be careful with MIME.  It's very powerful, but with
this power comes vulnerability.. Particularly:
Postscript - don't have a postscript auto-launcher unless it goes directly
to a printer
Tcl - safetcl is purported to be okay for MIME.
Perl - such a powerful language, wouldn't want it as part of MIME auto-reader
though.

in general anything that launches a viewer that is part of a programming
or scripting environment can be extremely dangerous because of file 
operations.

____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University
                        doug () eng auburn edu
                "Real programmers use cat > file.as"
Previous By Date Next
Previous By Thread Next

Current thread: