Linux-Advocacy Digest #437, Volume #26 Wed, 10 May 00 08:13:04 EDT
Contents:
Re: Programs for Linux (Carsten Pitz)
Re: This is Bullsh&^%T!!! (Donal K. Fellows)
Re: This is Bullsh&^%T!!! ("Erik Funkenbusch")
Re: This is Bullsh&^%T!!! (mlw)
Re: This is Bullsh&^%T!!! (mlw)
Re: So what is wrong with X? (Stephen Cornell)
Re: This is Bullsh&^%T!!! (Donal K. Fellows)
Re: Programs for Linux (Hoosain Madhi)
Re: German Govt says Microsoft a security risk (Charlie Ebert)
Re: Why only Microsoft should be allowed to create software (Bob Germer)
Re: Why only Microsoft should be allowed to create software (Bob Germer)
Re: Why only Microsoft should be allowed to create software (Bob Germer)
Re: This is Bullsh&^%T!!! (Donal K. Fellows)
Re: This is Bullsh&^%T!!! (Donal K. Fellows)
Re: This is Bullsh&^%T!!! (Donal K. Fellows)
Re: Why only Microsoft should be allowed to create software (Bob Germer)
----------------------------------------------------------------------------
From: Carsten Pitz <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,linux.dev.newbie
Subject: Re: Programs for Linux
Date: Wed, 10 May 2000 10:02:41 GMT
(1) GNU assembler (gas)
(2) Oracle maybe is a good choice
BTW, I am quite intersted in why you need an assembler.
Carsten
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: [EMAIL PROTECTED] (Donal K. Fellows)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 10 May 2000 10:13:23 GMT
In article <325S4.359$[EMAIL PROTECTED]>,
Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
> Leslie Mikesell <[EMAIL PROTECTED]> wrote:
[ attribution lost, but I think it was Erik... ]
>>> How come unix doesn't prevent the creation of link files to
>>> potentially dangerous commands?
>>
>> In general it does, unless your PATH includes directories writable
>> by you. If you don't ordinarily do programming or scripting this
>> is a bad idea, and if you do you should put your area last in the
>> PATH so a trojan there won't be executed instead of the system copy
>> with the same name.
>
> Path variables are user-defineable.
Sure, but most people don't redefine them, leaving them set to the
system's default.
> It's pretty common to put the current directory first in your path
> since this reduces lag time for local commands and allows you to
> create local versions of things.
It isn't *that* common, and it is also a security hole, though not too
serious a one for most users (i.e non-root) given a sensible umask()
and the fact that programs require the execute bit to be set for them
to be spotted by the OS/shell. I will admit that there are several
camps about on this topic; some people seem to actively seek to live
dangerously...
Donal.
--
Donal K. Fellows http://www.cs.man.ac.uk/~fellowsd/ [EMAIL PROTECTED]
-- Always running as a superuser is not a fault, it's an OS preference.
-- <[EMAIL PROTECTED]>
------------------------------
From: "Erik Funkenbusch" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 05:24:44 -0500
mlw <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > Again, you're asking that the email program KNOWS it's a script. It
> > doesn't.
>
> It should be coded so that it does. If it isn't now, then it is wrong.
> If the e-mail client can not tell the difference between a script and
> harmless data, it has no business being used for e-mail.
Which Unix email clients can tell the difference between a script and text
file?
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 06:30:30 -0400
Erik Funkenbusch wrote:
>
> Perry Pip <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > On Tue, 9 May 2000 21:24:39 -0500, Erik Funkenbusch <[EMAIL PROTECTED]>
> wrote:
> > >Perry Pip <[EMAIL PROTECTED]> wrote in message
> > >news:[EMAIL PROTECTED]...
> > >> >How exactly does the email client know that .jpg or .mp3 is what it
> > >claims
> > >> >to be?
> > >>
> > >> It doesn't need to know. All it needs to know is that a jpeg veiwer or
> mp3
> > >> player is a safe application to pass it to, because the application
> will
> > >> attempt to render the file's contents, instead of attempting to
> interpret
> > >> and execute the file's contents. If you pass a jpeg viewer a file that
> is
> > >> not in jpeg format it will report an error. Same with an mp3 player.
> > >
> > >And how does it know that the application is safe to execute content?
> >
> > You redesign the email client so that it does. Microsoft has the source
> > code to Outlook so they can certainly do that.
>
> Oh sure, and I'll just redesign my wallet so that there is always money
> available for me to use.
>
> It's easy to say "Just do something" without offering any real way to do it.
Here is how you do it:
Add one field in the registry, under classes, for each entry with is
safe for e-mail. When outlook gets an extension or mime-type, you add 10
lines of code that looks up this information in the registry, and
decides whether or not to open the object in the e-mail. Simple.
>
> > >Since
> > >file types are user defineable, the .mp3 association can point to
> anything,
> > >including WSH.
> >
> > The email client should now WSH is not safe to pass untrusted content to.
> > Microsoft needs to *innovate* and find a way to fix outlook.
>
> It should? And what if WSH is renamed to ie.exe?
Then the registry will be changed as well. The association data has to
be somewhere, or it will not run.
>
> > >And what if there's a link to sh called kview in your path?
> >
> > There isn't, because I do not intentionally sabatoge my system. It is
> > reasonalbe to assume, when designing a security model that an admin will
> > not intentionally sabatoge a system in that way. Why do you make such lame
> > arguments.
>
> The point is that you can't trust a system to be setup in any given way.
> And you can't trust users not to do stupid things on their system. Nothing
> stops a user from creating a link in their home directory to any file on the
> system they have access to. And more importantly, nothing stops someone
> that's compromised a system from doing so.
>
> The recent DDoS attacks worked by compromising a system and installing
> trojans. These can lie dormant for who knows how long and activate things
> later. Unix systems were one of the major effected systems.
>
We are not talking about "infected" systems, we are talking about system
which are "pre-infection" i.e. currently usable.
> > >But how do you know that notepad is actually being executed?
> >
> > Because it reasonable to assume when designing a security model that the
> > admin won't intentionally sabatoge a system in that way. Why do you make
> > such lame arguments.
>
> Is it reasonable to assume that someone else might have sabotaged a system
> that way?
Again, we are talking "pre-infection." Arguing that an e-mail program
can not protect itself against a virus, because a virus could have
sabotaged the protection is silly.
>
> > >And should that be hardcoded?
> >
> > It can simply be registered as an alternete "safe" way to open untrusted
> > content. And must I say, it reasonable to assume when designing a security
> > model that the admin won't intentionally sabatoge the registry.
>
> It's awfully easy for you to sit back and be an armchair security expert,
> isn't it? Have you really thought through all the consequences and possible
> ways to circumvent all your great ideas?
Hey, once there is infection, all bets are off, that is why you do not
allow virus infection. I.E. you do not open executable code from e-mail.
>
> > >So now you're asking that outlook perform the duties of the shell (which
> is
> > >to determine what application to run for a given document).
> >
> > Either that or have a way of passing to the shell some information about
> > the context of execution and have the shell deal with it. Microsoft has
> > the source code and the resources to fix the problem.
>
> Oh, so now every existing application that calls the shell has to be broken
> to allow for this new level of security?
Yes. But, the shell can but patched such that it can know about
different "processes" within the system, i.e. the program opening the
object. The shell dll can look in the registry to see if it is safe for
that application to open that type of object. Again, this is a simple
associative tree in the registry, and less than 1 man day to code and
does not break any applications. Assuming a competent developer, which
is, of course, a stretch at MS.
>
> > >How come unix
> > >doesn't prevent the creation of link files to potentially dangerous
> > >commands?
> >
> > Because links are something set up by knowledgeable users or
> > administrators and do not introduce content from unknown sources. An email
> > client is used by nontechnical users and introduces content from unknown
> > sources. Why do you make such a lame comparison.
>
> Or they might be something set up by script kiddies who get clueless users t
> o execute content they shouldn't be.
An e-mail client, written for clue-less users, has to protect them from
this, or it has failed in its objective.
>
> > >A common tactic is to infect otherwise trusted applications with a trojan
> > >which does not itself do anything bad to the system. Instead, it enables
> > >another program to do bad things. This was an early problem with IE and
> > >Netscape. executable were being downloaded as jpeg images, which were
> being
> > >displayed as broken images of course.
> >
> > But this does not in itself execute the content.
> >
> > >But later, a trojan would activate
> > >the downloaded content from the cache.
> >
> > A trojan from where?? A trojan does not just appear from thin air. How
> > does this trojan enter the system *and* get executed? Your explaination
> > makes no sense at all. Please provide a URL to an account of this bug.
>
> Microsofts security site only seems to go back to 1997. This exploit ws
> early in IE3's lifetime in 96 or so.
>
> I don't remember all the details anymore, so i'll drop it.
>
> > >This is what caused MS to make the
> > >cache both invisible and randomly named.
> >
> > And so if you are correct than Microsoft fixed the problem. So why don't
> > they fix Outlook?
>
> Microsoft has fixed it. Days ago in fact.
>
> http://www.microsoft.com/technet/security/virus/vbslvltr.asp
>
> The problem is that it takes away a feature that many users like. I see no
> way to allow execution of any attachment safely.
Hmmm, so, java is a better environment than vbs? Of course it is,
because java is designed with the notion that some content (especially
from the Internet) is not safe to run with full security. Again, if
Microsoft can not ensure that executable content opened by its e-mail
clients can be run safely, it should not open it. It is far less
inconvenient to remove this feature than it is to fix all the problems
from having it.
>
> > >> >Suddenly, a jpg is no longer safe.
> > >>
> > >> As long as you don't pass it to the wrong application it is.
> > >
> > >And how does the application prevent that?
> >
> > You re-design the email client.
>
> Oh, great. More nebulous "redesigning".
>From an "innovative" company, such as MS, this should not be a problem.
;-)
>
> > To do that you *innovate* to find a way to
> > implement reasonable level of security with a minimal but finite cost to
> > userfreindlyness.
>
> Simply not possible. The only way to prevent the problem (there will be
> users that save the attachment and launch it anyways) is to prevent
> attachments. That's not going to happen.
I submit, if a user saves the object to a file and runs it themselves,
in a few steps, probably 90% of the previously infected users would not
have been infected.
>
> > An email client is a entrance way by which foriegn data
> > enters a system. You must put security there just as you must lock all of
> > the doors and windows to your house. Why is is so hard for you to
> > understand that??
>
> Who said it's hard for me to understand. I am simply saying that just about
> every suggested "fix" by anyone on this newsgroup isn't a fix. They all
> cause other problems or allow the virus to continue in other ways.
Not true. No "fix" I have suggested "opens" a new exploit. Perhaps they
are not perfect, but this is because MS does not have the security
infrastructure in Windows to make a safe environment, and vbs while
being promoted as a way of pushing executable content does not have the
security features that java has for internet use. The fact the ILOVEYOU
virus infects systems in almost the exact same way as malissa proves
that MS is inept, and incapable of "innovating" its way out of a paper
bag.
A few "simple" "innovations" from MS, after malissa, would have saved
millions of users the grief of the "ILOVEYOU" virus.
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: mlw <[EMAIL PROTECTED]>
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: Wed, 10 May 2000 06:32:27 -0400
Christopher Smith wrote:
>
> "Leslie Mikesell" <[EMAIL PROTECTED]> wrote in message
> news:8faj9d$2c7o$[EMAIL PROTECTED]...
> > In article <DZ1S4.332$[EMAIL PROTECTED]>,
> > Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
> >
> > >
> > >How is the OS to know which documents launch apps that simply display
> data
> > >and which ones do something with it? (for instance, zip archives don't
> just
> > >display data, they can create new files).
> >
> > It isn't an OS issue - it is a mailer issue because it is the mailer
> > starting the program.
>
> No, it's not. It's the mailer passing the file to shell saying "the user
> wants to open this, go dow hatever the default action is".
OK, then it is an OS issue. Fine, MS needs to fix it. It is a security
bug.
>
> > How long would it take you to pick a list
> > that you would trust to process anything someone might send you?
--
Mohawk Software
Windows 9x, Windows NT, UNIX, Linux. Applications, drivers, support.
Visit http://www.mohawksoft.com
"We've got a blind date with destiny, and it looks like she ordered the
lobster"
------------------------------
From: Stephen Cornell <[EMAIL PROTECTED]>
Subject: Re: So what is wrong with X?
Date: 10 May 2000 11:59:59 +0100
[EMAIL PROTECTED] (Christopher Browne) writes:
> The notion that using a higher-level language diminishes network
> traffic is a common "Doctrine of Faith." It may, on occasion,
> actually be _true_.
>
> It is only forcibly _true_ if the set of higher-level abstractions
> that get used are sufficiently well-representative of the application
> using them.
Of course. Most GUIs use widget sets - buttons, menus, sliders,
etc. - and the only information that needs to be sent to the machine
doing the grunt is the activity of these elements, not every X-event
such as mouse motion.
Other elements of a graphical application, such as the plotting window
in a gnuplot, _do_ need the kind of flexibility to which X is suited,
but there's no reason why that part of the application can't be
treated as a regular x-client, with the rest of the GUI acting as a
sort of meta-window-manager.
--
Stephen Cornell [EMAIL PROTECTED] Tel/fax +44-1223-336644
University of Cambridge, Zoology Department, Downing Street, CAMBRIDGE CB2 3EJ
------------------------------
From: [EMAIL PROTECTED] (Donal K. Fellows)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 10 May 2000 10:52:42 GMT
In article <8f7l43$hg3$[EMAIL PROTECTED]>,
Christopher Smith <[EMAIL PROTECTED]> wrote:
> But the point is that means the mailer has to know about the files.
> Currently, if you "launch" an attachment, the mailer just hands the
> file off to the shell (explorer) saying "the user wants to open
> this". Explorer then performs the default action on the file (eg
> for a jpeg it would fir eup some viewer program and pass it the
> file). For fairly obvious reasons, the default action when you
> activate a script is to run it.
And this is a pretty-much classic example of the sort of thing that is
wrong with Microsoft at a technical level. A series of steps, each of
which looking fairly reasonable at a small-scale level, leads to a
major problem at a large-scale level. This means that something,
somewhere, is deeply wrong, and that the nature of the wrongness is
*deep*. IOW, your argument isn't worth half a badger tonsil, no matter
how many times you bleat it.
The problem is that the desired default action for executable content
is really dependent upon the level of trust you have in that content.
And MS (others too, but particularly them) don't really grasp all the
implications of this, or if they do, they don't code like they do!
Donal.
--
Donal K. Fellows http://www.cs.man.ac.uk/~fellowsd/ [EMAIL PROTECTED]
-- I may seem more arrogant, but I think that's just because you didn't
realize how arrogant I was before. :^)
-- Jeffrey Hobbs <[EMAIL PROTECTED]>
------------------------------
Date: Wed, 10 May 2000 13:11:35 +0200
From: Hoosain Madhi <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc,linux.dev.newbie
Subject: Re: Programs for Linux
for the database if you looking for a free DB System try out postgresql.
We are using it in a very large telecoms business.
As for the assembler I can't help there
Carsten Pitz wrote:
> (1) GNU assembler (gas)
> (2) Oracle maybe is a good choice
>
> BTW, I am quite intersted in why you need an assembler.
>
> Carsten
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
------------------------------
From: Charlie Ebert <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.misc
Subject: Re: German Govt says Microsoft a security risk
Date: Wed, 10 May 2000 11:34:09 GMT
HEY! WAY TO GO GERMANY!
They are a security risk and they should be delt with!
I know.
Charlie
Christopher Browne wrote:
>
> Centuries ago, Nostradamus foresaw a time when Keith would say:
> >>That was found out yesterday. Otto Schily's experts are
> >>already busy looking into recommendations for the use of
> >>so-called "Open Source" software like the free Linux operating
> >>system. The new "Windows 2000" is also off-limits for
> >>agencies because it comes with a built-in defragmentation
> >>program called "Diskeeper" from a Scientology WISE
> >>company, and there are fears that the militant sect could
> >>secretly pass on network data by means of a Trojan Horse.
>
> It is unfortunate that the only visible claims in this regard appear to
> come from c't, or in terms of quotes from c't.
>
> That's not to say that c't is an utterly non-credible source, only that
> it's rather nice to have multiple sources for claims about such things.
>
> The assurances that the articles indicate that Microsoft provided
> "assurances" that are really not so reassuring...
>
> <http://wired.lycos.com/news/print/0,1294,33154,00.html> indicates:
>
> In a letter to c't, the Church of Scientology accused the magazine of
> inaccurate statements about Scientology and insisted that Executive
> Software has no affiliation with the church.
>
> And Microsoft spokesperson Mark Thomas said the technological concerns
> raised by c't are unfounded.
>
> "We've looked a this issue very carefully and there's really no issue for
> people to be concerned about," Thomas said. The software is put through
> rigorous review and it poses no data security threat to companies,
> he said.
>
> As to whether Microsoft could run afoul of Bavarian regulations on
> Scientology, Thomas said he didn't see the connection. "[Windows 2000]
> is not Executive Software's product. It's ours."
>
> Claims by Microsoft that their products "pose no data security threat
> to companies" are disproved on a daily basis every time another ILOVEYOU
> variation passes through corporate networks.
> --
> I would rather be in the back of a car then a cdr.
> -- Blackboard in 6.011 area
> [EMAIL PROTECTED] - - <http://www.hex.net/~cbbrowne/lsf.html>
------------------------------
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
From: Bob Germer <[EMAIL PROTECTED]>
Subject: Re: Why only Microsoft should be allowed to create software
Date: Wed, 10 May 2000 11:31:02 GMT
On 05/10/2000 at 09:44 AM,
"Christopher Smith" <[EMAIL PROTECTED]> said:
> Microsoft behave identically to almost every other company. Bitching
> about Microsoft without also bitching about everyone else is hypocrisy,
> plain and simple.
What a load of pure fiction! Most companies do not get convicted of
breaking the anti-trust laws of the United States. In fact, only a
miniscule percentage does.
Microsoft is a corrupt, lawbreaking disgrace.
--
==============================================================================================
Bob Germer from Mount Holly, NJ - E-mail: [EMAIL PROTECTED]
Proudly running OS/2 Warp 4.0 w/ FixPack 13
MR/2 Ice 2.19 Registration Number 67
As the court closes in on M$, Lemmings are morphing to Ostrats!
=============================================================================================
------------------------------
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
From: Bob Germer <[EMAIL PROTECTED]>
Subject: Re: Why only Microsoft should be allowed to create software
Date: Wed, 10 May 2000 11:36:02 GMT
On 05/10/2000 at 08:27 AM,
[EMAIL PROTECTED] (John Poltorak) said:
> In <8fa7e0$490$[EMAIL PROTECTED]>, "Christopher Smith"
> <[EMAIL PROTECTED]> writes: >
> >Since people run around chanting "show us Microsoft's innovation" but
> >neglect to also chant "show us $SOMEOTHERCOMPANY's innovation".
> Here's a couple for starters:-
> IBM inventors of the IBM PC
> IBM inventors of the Winchester disk drive
To which one can add:
XEROX inventor of the windowed GUI
Intel inventor of the 8x family of microprocessors
Seattle Computer Works inventor of DOS
Vision inventor of the spreadsheet (Visicalc)
And of course
Al Gore inventor of the internet. (A little humor of course)
--
==============================================================================================
Bob Germer from Mount Holly, NJ - E-mail: [EMAIL PROTECTED]
Proudly running OS/2 Warp 4.0 w/ FixPack 13
MR/2 Ice 2.19 Registration Number 67
As the court closes in on M$, Lemmings are morphing to Ostrats!
=============================================================================================
------------------------------
Crossposted-To:
comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy,comp.sys.mac.advocacy
From: Bob Germer <[EMAIL PROTECTED]>
Subject: Re: Why only Microsoft should be allowed to create software
Date: Wed, 10 May 2000 11:41:06 GMT
On 05/10/2000 at 04:50 AM,
"Erik Funkenbusch" <[EMAIL PROTECTED]> said:
> Windows 3.1 was released in April of 92 IIRC, your files are dated from
> March. How would it have meant trouble for anything?
OK, you damned Microsoft Mole, I have you now. I can prove you are a
fucking plant working for Bill Criminal Gates.
Here is the directory from the Disk 1 of Windows 3.1:
Volume in drive B is WIN31DISK1 Serial number is 1F01:1113
Directory of b:\*
8514.dr_ 50425 3-10-92 3:10
8514sys.fo_ 3633 3-10-92 3:10
app850.fo_ 16663 3-10-92 3:10
comm.dr_ 7157 3-10-92 3:10
cpwin386.cp_ 48841 3-10-92 3:10
disk1 8 3-10-92 3:10
ega.3g_ 9460 3-10-92 3:10
ega.dr_ 43319 3-10-92 3:10
egacolor.2g_ 2729 3-10-92 3:10
egafix.fo_ 2534 3-10-92 3:10
egalogo.lg_ 1105 3-10-92 3:10
egalogo.rl_ 5125 3-10-92 3:10
egaoem.fo_ 3027 3-10-92 3:10
egasys.fo_ 2879 3-10-92 3:10
gdi.ex_ 167674 3-10-92 3:10
herclogo.rl_ 4690 3-10-92 3:10
hercules.2g_ 1809 3-10-92 3:10
hpebios.38_ 2108 3-10-92 3:10
kbdhp.dr_ 6835 3-10-92 3:10
mmsound.dr_ 2829 3-10-92 3:10
mscvmd.38_ 3257 3-10-92 3:10
msnet.dr_ 4619 3-10-92 3:10
oligrab.2g_ 2618 3-10-92 3:10
pmspl20.dl_ 22506 3-10-92 3:10
setup.exe 422080 3-10-92 3:10
setup.hl_ 33683 3-10-92 3:10
setup.inf 59118 3-10-92 3:10
setup.shh 6525 3-10-92 3:10
setup.txt 41724 3-10-92 3:10
system.dr_ 1780 3-10-92 3:10
system.sr_ 642 3-10-92 3:10
tiga.dr_ 38829 3-10-92 3:10
v7vdd.38_ 19315 3-10-92 3:10
vdd8514.38_ 27808 3-10-92 3:10
vddct441.38_ 18366 3-10-92 3:10
vddega.38_ 19421 3-10-92 3:10
vddtiga.38_ 27647 3-10-92 3:10
vddvga30.38_ 19651 3-10-92 3:10
vddxga.38_ 20367 3-10-92 3:10
vga.3g_ 11256 3-10-92 3:10
vgasys.fo_ 3111 3-10-92 3:10
win.cn_ 10101 3-10-92 3:10
win.sr_ 1666 3-10-92 3:10
winhelp.ex_ 163861 3-10-92 3:10
xga.dr_ 55181 3-10-92 3:10
xmsmmgr.exe 14144 3-10-92 3:10
1,432,126 bytes in 46 files and 0 dirs 1,443,840 bytes allocated
13,824 bytes free
So, you lying asshole, Windows 3.1 file dates were ALL March 10, 1992.
Go away and stay there!
--
==============================================================================================
Bob Germer from Mount Holly, NJ - E-mail: [EMAIL PROTECTED]
Proudly running OS/2 Warp 4.0 w/ FixPack 13
MR/2 Ice 2.19 Registration Number 67
As the court closes in on M$, Lemmings are morphing to Ostrats!
=============================================================================================
------------------------------
From: [EMAIL PROTECTED] (Donal K. Fellows)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 10 May 2000 11:30:46 GMT
In article <3918c808@news>, Rich C <[EMAIL PROTECTED]> wrote:
> Can mail programs and browsers be set up to run with even LESS
> privileges than the user who invokes them?
Yes, they could be suid nobody, though they might then lack the
permission to access the user's mailbox.
> For example, say I have a bunch of files in my user directory, and I
> run a mail program that can ONLY access my mailbox folder and my
> address book. The mail program passes an attachment (say a
> "dangerous" script I received) to the shell for execution, but it
> only executes with the privileges of the mailer program, not my user
> privileges. It doesn't even have access to the rest of my user
> files. Is this possible under Linux?
Yes, but a lot hard work. It is usually easier to just make the
mailer itself fascist in its dealing with attachments...
> How (in 25 words or less :o)) would one go about it?
Either put the whole system into some kind of sandbox, or use chroot()
to install a wholly false user layer. Neither's perfect.
Donal.
--
Donal K. Fellows http://www.cs.man.ac.uk/~fellowsd/ [EMAIL PROTECTED]
-- I may seem more arrogant, but I think that's just because you didn't
realize how arrogant I was before. :^)
-- Jeffrey Hobbs <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Donal K. Fellows)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 10 May 2000 11:31:50 GMT
In article <nF3S4.350$[EMAIL PROTECTED]>,
Erik Funkenbusch <[EMAIL PROTECTED]> wrote:
> Again, you're asking that the email program KNOWS it's a script. It
> doesn't.
Why not? That info could easily be made to exist in the registry.
Donal.
--
Donal K. Fellows http://www.cs.man.ac.uk/~fellowsd/ [EMAIL PROTECTED]
-- I may seem more arrogant, but I think that's just because you didn't
realize how arrogant I was before. :^)
-- Jeffrey Hobbs <[EMAIL PROTECTED]>
------------------------------
From: [EMAIL PROTECTED] (Donal K. Fellows)
Crossposted-To: comp.os.ms-windows.nt.advocacy
Subject: Re: This is Bullsh&^%T!!!
Date: 10 May 2000 11:42:00 GMT
In article <8f0asi$mfu$[EMAIL PROTECTED]>,
Christopher Smith <[EMAIL PROTECTED]> wrote:
> What defines a "windows user" ?
Defenestratee. HTH!
Donal.
--
Donal K. Fellows http://www.cs.man.ac.uk/~fellowsd/ [EMAIL PROTECTED]
-- I may seem more arrogant, but I think that's just because you didn't
realize how arrogant I was before. :^)
-- Jeffrey Hobbs <[EMAIL PROTECTED]>
------------------------------
Crossposted-To:
comp.sys.mac.advocacy,comp.os.ms-windows.nt.advocacy,comp.os.os2.advocacy
From: Bob Germer <[EMAIL PROTECTED]>
Subject: Re: Why only Microsoft should be allowed to create software
Date: Wed, 10 May 2000 11:43:02 GMT
On 05/10/2000 at 04:43 AM,
"Erik Funkenbusch" <[EMAIL PROTECTED]> said:
> How do you know when it was written? The document only mentions the
> last time it was updated.
We know because you claim otherwise. Since you are a proven liar, anything
you post is obviously worthless.
--
==============================================================================================
Bob Germer from Mount Holly, NJ - E-mail: [EMAIL PROTECTED]
Proudly running OS/2 Warp 4.0 w/ FixPack 13
MR/2 Ice 2.19 Registration Number 67
As the court closes in on M$, Lemmings are morphing to Ostrats!
=============================================================================================
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and comp.os.linux.advocacy) via:
Internet: [EMAIL PROTECTED]
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Advocacy Digest
******************************
