On Wed, 10 May 2000, Bruce McCulley <[EMAIL PROTECTED]> wrote:
[...]
> a couple of decades of architectural evolution.  Hence there are some big
> differences between platforms, and I doubt very much that Netscape on
> Linux would be able to wreak the widespread destruction that it can on Windoze,
> using the same tweaked or default settings on both.

If Netscape shipped with its default to automatically pass anything
with mime type "application/x-sh" to /bin/sh or "application/x-perl" to
/usr/bin/perl that would be a disaster. Both reading e-mail and web
browsing would be very dangerous.

And once an attacker has a shell as a normal user account, it is not
difficult at all to get root permission after that (e.g. try a series
of local root compromise exploits that are widely available). Then
the whole system can be hosed.

So it is crucial that Netscape (or any other Unix browser) never have
its default to automatically run scripts or programs. A safe sandbox
would be needed, i.e. as in Java.

I have met people who map suffix ".sh" to application/x-sh, but that
is different since it is basically just their foot they are shooting...


> The real question is, how much more secure is a non-root Linux session
> compared to a non-Administrator NT or Win95 session?  I haven't studied
> the specifics in detail but intuitively I'd bet there's a significant
> difference, and that it would manifest in the default Netscape behavior.

Well, I claim once you have non-root on Linux you have root shortly
thereafter unless the system is kept meticulously up-to-date wrt security
patches for local root compromises.

If Linux does achieve "world domination" on the desktop as it seems
hell-bent toward achieving, you can bet worms and trojans will be
screwing up Linux boxes royally. We don't see it now because most
people are on Windows and so there is more bang for the buck there for
worm/virus writers to attack Windows.

As an example: How many buffer overruns do you think there are
in Netscape (I'd guess many by the way it crashes so much). The
attacker sets up some web or email data that will crash Netscape
and have a shell as that user, etc. Gloomy days ahead, but we'll
get thru them I imagine.


Karl Runge
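
An added example, not part of the message above: a check a defender can run over a handler file to find the kind of mapping the message warns about, where a MIME type such as application/x-sh is handed straight to an interpreter. It assumes handlers are configured in a mailcap-format file (RFC 1524, e.g. `~/.mailcap`); the interpreter list and the sample entries are constructed for illustration.

```python
import os
import re
import shlex

# Programs that execute the file they are handed (assumed list; extend for your site).
INTERPRETERS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "perl", "python", "tclsh", "wish"}

def runs_input_as_code(argv):
    """True if an interpreter gets the downloaded file (%s) or stdin as its script."""
    for i, tok in enumerate(argv):
        if os.path.basename(tok) in INTERPRETERS:
            rest = [t for t in argv[i + 1:] if not t.startswith("-")]
            if not rest or rest[0] == "%s":
                return True
    return False

def audit_mailcap(text):
    """Return (mime_type, view_command) for every entry that auto-executes content."""
    findings = []
    for raw in text.replace("\\\n", "").splitlines():  # join continuation lines
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';' unless the ';' is backslash-escaped.
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) < 2 or not fields[1]:
            continue
        try:
            argv = shlex.split(fields[1])
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            argv = fields[1].split()
        if runs_input_as_code(argv):
            findings.append((fields[0].lower(), fields[1]))
    return findings

# Constructed sample entries, not taken from any real system.
SAMPLE = r"""
# risky: the two mappings named in the message, plus a wrapped variant
application/x-sh; /bin/sh %s
application/x-perl; /usr/bin/perl %s
application/x-shar; xterm -e /bin/sh %s; needsterminal
# harmless viewers
image/*; xv %s
text/plain; xterm -e less %s
"""

if __name__ == "__main__":
    for mime, cmd in audit_mailcap(SAMPLE):
        print(f"auto-executes {mime}: {cmd}")
```

Entries that only display the data (`xv %s`, `xterm -e less %s`) are not reported; entries whose interpreter runs a fixed command rather than the file itself, such as `sh -c "lpr %s"`, are outside what this check looks for.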

