Derek Martin wrote:
> Yesterday, Steven W. Orr gleaned this insight:
> > I just feel intruiged by this message. If you go into Netscape -> Edit ->
> > Preferences -> Navigator -> Applications
> >
> > There are predefined slots in there for everything including the kitchen
> > sink. There're even slots for shell, csh, perl, tar, cpio, you name it. If
> > anyone *was* to define these entries and then receive a perl program as an
> > attachment, and then go ahead and execute such a beast, I betcha we'd be
> > in just as much doodoo as all those WinBloze weenies. Right now, for
>
> Nope. Because:
[...snip...]
> 3) The worst the thing could do is delete all that user's files, unless
> the recipient were dumb enough to have their mail delivered to root and
> read it that way.
[...snip...]
> > purposes of this ILOVEYOU discussion, I don't think their OS did anything
> > different than what out Netscape running under linux would do. The only
>
> Generally speaking, yes. Even on Windows, Netscape asks you if you want
> to run an executable by default. You have to go looking for the config
> option and change it before Netscape will let you automatically screw
> yourself over, and most people just aren't willing to go through all the
> effort.
I think there are a couple of differences, as the first snippet points out there
is
a fundamental difference in philosophy/implementation of multi-user protection.
Windoze evolved from a single-user paradigm with protection retrofitted as a
secondary priority to functionality, whilst Linux follows the Unix multi-user
architecture with privilege and protection designed in early on and refined over
a couple of decades of architectural evolution. Hence there are some big
differences between platforms, and I doubt very much that Netscape on
Linux would be able to wreak the widespread destruction that it can on Windoze,
using the same tweaked or default settings on both.
The real question is, how much more secure is a non-root Linux session
compared to a non-Administrator NT or Win95 session? I haven't studied
the specifics in detail but intuitively I'd bet there's a significant
difference, and
that it would manifest in the default Netscape behavior.
That's just MHO fwiw.
> My $.0002 worth... :)
nice adjustment for inflation, Derek! :-)
--Bruce McCulley
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
