Secure Coding mailing list archives
Re: Opinion re an interesting article on Linux security in Linux Journal
From: Michal Zalewski <lcamtuf () ghettot org>
Date: Tue, 09 Mar 2004 20:50:11 +0000
On Tue, 9 Mar 2004, Richard Moore wrote:
2. While you can open things in their apps, what you can't do is make anything directly execute - that takes an addition step (eg. using konqueror or the command line to set the executable flag, then running the attachment). Since we do not let macros run on document openning, the risks of opening things are minimised.
Uhh, with some new worms, you not only can't execute the rogue directly by just clicking on an attachment, but you need to enter a password to get access to it... you just need a userbase clueless enough to carry out even a fairly complicated action out of curiosity, and some social engineering. -- ------------------------- bash$ :(){ :|:&};: -- Michal Zalewski * [http://lcamtuf.coredump.cx] Did you know that clones never use mirrors? --------------------------- 2004-03-09 20:13 -- http://lcamtuf.coredump.cx/photo/current/
Current thread:
- Opinion re an interesting article on Linux security in Linux Journal Kenneth R. van Wyk (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Alun Jones (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal Michal Zalewski (Mar 09)
- RE: Opinion re an interesting article on Linux security in Linux Journal Michael S Hines (Mar 09)
- Re: Opinion re an interesting article on Linux security in Linux Journal Ryan Russell (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal ljknews (Mar 10)
- Re: Opinion re an interesting article on Linux security in Linux Journal der Mouse (Mar 10)
- <Possible follow-ups>
- Re: Opinion re an interesting article on Linux security in Linux Journal Bill Cheswick (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. ljknews (Mar 10)
- Re: Re: Application Sandboxing, communication limiting, etc. Jose Nazario (Mar 10)
- Re: Application Sandboxing, communication limiting, etc. Jared W. Robinson (Mar 10)
(Thread continues...)
- Re: Opinion re an interesting article on Linux security in Linux Journal Richard Moore (Mar 09)