On Tue, 2003-01-14 at 10:17, Dave Finnegan wrote: > Does Evolution suffer from this sort of virus? > > Should I be concerned that I could be receiving viruses now via my Linux > Evolution mail reader?
Evolution does not support scripting, and I think (and hope) it is the policy of the Evolution hackers never to do so. It is, however, always a possibility to exploit buffer overflows in the Evolution to execute arbitrary code as the user running it. This class of attack is hardly unique to Evolution, although one could probably argue that since Evolution is much more complex than, say, mutt, it's more susceptible to attack this way. But let's be realistic. Any client that accepts data off the net is potentially vulnerable, so you should be more no concerned about Evolution than you would be by running Mozilla, or even xmms, as described here: http://online.securityfocus.com/archive/1/306476/2003-01-11/2003-01-17/0 (I'm not sure the above posting isn't a hoax, but in theory it's possible. Extremely complicated, but possible.) Basically, if you're extremely nervous, build a kernel with a non-executable user stack (openwall patch), and build Evolution, Mozilla, etc. with Stackguard if you're extra paranoid. You could also sandbox Evolution. But honestly, nobody is that paranoid. Right? :) Jason. -- Jason Tackaberry :: [EMAIL PROTECTED] :: 705-949-2301 x330 Academic Computing Support Specialist Information Technology Services Algoma University College :: www.auc.ca _______________________________________________ evolution maillist - [EMAIL PROTECTED] http://lists.ximian.com/mailman/listinfo/evolution
