Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Opinion re an interesting article on Linux security in Linux Journal

From: Michal Zalewski <lcamtuf () ghettot org>
Date: Tue, 09 Mar 2004 20:50:11 +0000
On Tue, 9 Mar 2004, Richard Moore wrote:


2. While you can open things in their apps, what you can't do is make
anything directly execute - that takes an addition step (eg. using
konqueror or the command line to set the executable flag, then running
the attachment). Since we do not let macros run on document openning,
the risks of opening things are minimised.


Uhh, with some new worms, you not only can't execute the rogue directly by
just clicking on an attachment, but you need to enter a password to get
access to it... you just need a userbase clueless enough to carry out even
a fairly complicated action out of curiosity, and some social engineering.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2004-03-09 20:13 --

   http://lcamtuf.coredump.cx/photo/current/
Previous By Date Next
Previous By Thread Next

Current thread: