From: joseph.bueno@trader.com
To: "David Schwartz" <davids@webmaster.com>
Cc: Linux Kernel List <linux-kernel@vger.kernel.org>
Subject: Re: Is there something that can be done against this ???
Date: Tue, 14 Aug 2001 15:16:55 +0200
Message-ID: <3B7924C7.31923A8@trader.com>
In-Reply-To: <NOEJJDACGOHCKNCOGFOMKENKDCAA.davids@webmaster.com>
David Schwartz wrote:
>
> > The question is not : "is this script dangerous ?",
> > but "are you ready to blindly execute a shell script
> > (or any program) that you receive in your mail ?".
>
> Sure, as a user created solely for that purpose, it should be entirely
> safe.
>
How many users are there that use a specific user account to read
their emails on their Linux workstation ?
I don't, I use my account to read mails, write documents,
develop programs, etc. So even if a malicious program does
not do any harm to the system, it can at least destroy or corrupt my
own files and I will lose time restoring from last backup and
rebuilding recently modified files.
> > I don't care if this script is dangerous or not because I will
> > never execute it,
> > or any program that I receive my email before checking its
> > contents and making sure
> > it is OK.
> > (And my mail reader will not execute anything automatically, not
> > even Javascript).
>
> Why? Is it because you don't trust your system security? Your operating
> system shouldn't let the script do anything you don't want it to do.
Yes I trust my system security. But even if the system is not affected,
since the script will run with my userid, it will be able to do everything
I am allowed to do.
>
> > If somebody is dumb enough to execute any program received by email,
> > don't lose time trying to find some weaknesses in the system; just
> > send him a shell script with "rm -rf /". It will do enough harm !
>
> That should do no harm. What you mean to say is "if somebody is dumb enough
> to execute any program received by email under a user account that has
> permissions to modify files he cares about, consume too many process slots,
> consume excessive vm, or has other special capabilities".
It was just a one line example. Even if it does not do any harm to
system files, it will harm my own files !
BTW, how many people are positively sure that they can
run "su nobody -c rm -rf /" on their system without losing anything ?
>
> > Best protection against mail virus is not technical (although it
> > may help),
> > but user education; and this is true regardless of which operating system
> > or mail reader is used !
>
> If a user can run code that can harm the system, then nobody who isn't
> trusted not to harm the system can be a user. That's not how we want Linux
> to be, is it?
Well, you are right; but even if a user does not harm the system,
he will harm himself and there is no way the system can protect him
against it. So we are back to my point: user protection comes from
user education.
>
> DS
>
Regards
--
Joseph Bueno
NetClub/Trader.com
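
A non-destructive way to check the "su nobody -c rm -rf /" question raised in the message above, added here as an example and not part of the original e-mail: list what any unrelated, unprivileged account could delete or overwrite under a tree. The function names are hypothetical, and GNU find is assumed for `-mindepth`/`-maxdepth`.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of what an
# unrelated, unprivileged uid such as "nobody" could destroy under a tree.
# Assumptions: only the "other" permission bits are examined; group
# membership, ACLs, files owned by that uid and the permissions of
# ancestor directories above the starting point are not considered.

# Entries any user can unlink. Deletion is governed by the parent
# directory (write + search for "other", no sticky bit), not by the
# mode of the file itself, so even a 0444 file is listed here.
deletable_by_anyone() {
    find "$1" -xdev -type d -perm -0003 ! -perm -1000 \
        -exec find {} -mindepth 1 -maxdepth 1 \; 2>/dev/null
}

# Regular files whose contents any user can overwrite or truncate,
# even when the directory holding them is not writable.
writable_by_anyone() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null
}

# Run the audit only when a directory is given, e.g.: sh audit.sh /home
if [ "$#" -gt 0 ]; then
    echo "== deletable by any user =="
    deletable_by_anyone "$1"
    echo "== overwritable by any user =="
    writable_by_anyone "$1"
fi
```

Empty output for a tree means only that the "other" bits protect it; files owned by the account that runs the untrusted program remain exposed, which is the point made in the message.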