From: joseph.bueno@trader.com
To: David Schwartz <davids@webmaster.com>
Cc: Linux Kernel List <linux-kernel@vger.kernel.org>
Subject: Re: Is there something that can be done against this ???
Date: Tue, 14 Aug 2001 15:16:55 +0200
Message-ID: <3B7924C7.31923A8@trader.com>
In-Reply-To: <NOEJJDACGOHCKNCOGFOMKENKDCAA.davids@webmaster.com>

David Schwartz wrote:
>
> > The question is not : "is this script dangerous ?",
> > but "are you ready to blindly execute a shell script
> > (or any program) that you receive in your mail ?".
>
> Sure, as a user created solely for that purpose, it should be entirely
> safe.
>
How many users are there that use a specific user account to read
their emails on their Linux workstation?
I don't, I use my account to read mails, write documents,
develop programs, etc. So even if a malicious program does
not do any harm to the system, it can at least destroy or corrupt my
own files and I will lose time restoring from last backup and
rebuilding recently modified files.
> > I don't care if this script is dangerous or not because I will
> > never execute it,
> > or any program that I receive my email before checking its
> > contents and making sure
> > it is OK.
> > (And my mail reader will not execute anything automatically, not
> > even Javascript).
>
> Why? Is it because you don't trust your system security? Your operating
> system shouldn't let the script do anything you don't want it to do.
Yes, I trust my system security. But even if the system is not affected,
since the script will run with my userid, it will be able to do everything
I am allowed to do.
>
> > If somebody is dumb enough to execute any program received by email,
> > don't lose time trying to find some weaknesses in the system; just
> > send him a shell script with "rm -rf /". It will do enough harm !
>
> That should do no harm. What you mean to say is "if somebody is dumb enough
> to execute any program received by email under a user account that has
> permissions to modify files he cares about, consume too many process slots,
> consume excessive vm, or has other special capabilities".
It was just a one line example. Even if it does not do any harm to
system files, it will harm my own files!
BTW, how many people are positively sure that they can
run "su nobody -c rm -rf /" on their system without losing anything?
>
> > Best protection against mail virus is not technical (although it
> > may help),
> > but user education; and this is true regardless of which operating system
> > or mail reader is used !
>
> If a user can run code that can harm the system, then nobody who isn't
> trusted not to harm the system can be a user. That's not how we want Linux
> to be, is it?
Well, you are right; but even if a user does not harm the system,
he will harm himself and there is no way the system can protect him
against it. So we are back to my point: user protection comes from
user education.
>
> DS
>
Regards
--
Joseph Bueno
NetClub/Trader.com