Joachim Schrod wrote:
> Sloan wrote:
>>
>> It seems to be essentially one of the "honor system" viruses for unix,
>> you know the drill:
>>
>> 1. download the hostile executable
>> 2. save the hostile executable somewhere appropriate
>> 3. change the file mode to make it executable.
>> 4. execute it with the command ./<filename>
>> 5. hilarity ensues (or not)
>
> Let me propose another hilarious 5-step process:
>
> 1. Read the LWN.net security page.
>
> 2. Detect how many exploits are based on data files, and not
>    on executables. Just last week: pax, hdr file format,
>    squirrelmail (read an email), xvid (look at a
>    video), clamav (DoS attack), gpdf, firefox (too many
>    bugs to enumerate), flash plugin, libgd (used in many
>    applications), gimp, imlib2 (image loading), libvorbis,
>    openoffice, xine (again, videos are cool), xpdf.

Of course, there are bugs and security holes everywhere, but you seem to have lost perspective - an important point is the severity of the "exploit". There is a big difference between "potential race condition resulting in a possible information leak" and the sort of complete machine takeover that is common in the windows world.

> 3. Stop feeling so smug.

You deleted my last paragraph, so I'll repeat it here:

"Not to be cocky, there is some danger here, but it's a far cry from the ease with which windows systems are regularly pwned with no effort whatsoever on the part of the hapless user."

<snip>

> Hmm, no, sorry; your post was not hilarious. It was not even funny.
> You didn't think it was insightful, did you?

I suppose it was about as hilarious as this posting of yours. Insightful? I never really thought of pointing out the obvious as being insightful, why do you ask?

Joe
