On January 30, 2004 04:15 pm, Peter Wu wrote: > > If I write a shell script and attach to an email sent to you, then you > save the attached shell script and run it when you happen to have the > roott privilege? > > IIRC, any binary files can be attached to an email. Correct me if I am > wrong.
you're not wrong, but your logic is. yes, you can attach any filetype to an email, even a small bash script with the following contents: #!/bin/bash rm -rf ~/ the question is whether or not a user can accidentally break their computer with this. see, if i send you the above, it'll come to you as an *non-executable* attachment. it doesn't matter if it's executable on my box, when i send it to you, you'll have to save it locally and when you do, it's got 0644 permissions (unless you're doing something funky with your umask). you'd have to chmod u+x the file and run it to do any damage. the exception of course is a tarball. you can extract stuff from a tarball and it'll retain it's permissions, but that still requires the enduser to be an idiot and unpack then manually run the script. that's no different from telling them to run the above commands manually. in the end it's in the lap of the end user anyway. i'll say it now: if you're running your desktop as root, you're asking for it. why use a multi-user o/s that protects you from windows-esque problems if you're going to circumvent them anyway? -- giving it up would mean... it would mean that all along they'd been wrong. it would mean that they'd never known how to rule the world. it would mean... relinquishing their pretensions to godhood. - Daniel Quinn's "ishmael" -- [EMAIL PROTECTED] mailing list
