On Sat, 17 Oct 2009, András Murányi wrote:

OK, you're all welcome to crash my pd but not to run hostile code on my machine. Now, we know that the code posted by Claude can eat up our RAM but can it write to an executable region or do other really nasty things? On the other hand - does a fresh copy of Vanilla or extended offer simple ways to run system commands? If yes, no odd stack overflow methods are needed to hack a system.

Just [textfile] and [soundfiler] are enough to overwrite important files. A user's most important data is typically writable, and write-protected files are usually the files that are easy to reinstall from a DVD or whatever. And then writability is only one half of the problem when you can have your personal data uploaded to your enemies.

This also goes for any other code one runs on your system. Max by default isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash interpreters by default aren't any safer, and there isn't any point in banning any of those if your four-year-old daughter still can download random EXE files and run them. And so on.

 _ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard, Montréal, Québec. téléphone: +1.514.383.3801
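
Added example, not part of the original message or of Pd itself: a static audit that lists the file-writing objects named above ([textfile], [soundfiler]) and literal `write` messages in a saved patch before it is opened. The sample patch is constructed, and the function names are hypothetical; file names assembled at run time are not visible to this kind of check.

```python
import re

# Object classes the reply names as able to overwrite files.
FILE_WRITERS = {"textfile", "soundfiler"}

# Constructed sample patch in Pd's saved text format (not from the thread).
SAMPLE_PATCH = r"""#N canvas 0 0 450 300 10;
#X obj 40 80 textfile;
#X msg 40 40 write /tmp/out.txt;
#X obj 200 80 osc~ 440;
#X msg 200 40 read -resize in.wav buf \; pd dsp 1;
#X obj 200 120 soundfiler;
#X connect 1 0 0 0;
"""

def statements(text):
    """Split a patch on unescaped ';' (a statement may span several lines)."""
    for raw in re.split(r"(?<!\\);", text):
        stmt = " ".join(raw.split())
        if stmt:
            yield stmt

def audit(text):
    """Return (kind, detail) findings for file-writing objects and 'write' messages."""
    findings = []
    for stmt in statements(text):
        fields = stmt.split()
        if fields[:2] == ["#X", "obj"] and len(fields) > 4 and fields[4] in FILE_WRITERS:
            findings.append(("object", fields[4]))
        elif fields[:2] == ["#X", "msg"]:
            # A message box can chain messages with an escaped ';'.
            for i, part in enumerate(" ".join(fields[4:]).split(r"\;")):
                words = part.split()
                # After an escaped ';' the first word names a receiver, not the selector.
                selector = words[1:2] if i else words[:1]
                if selector == ["write"]:
                    findings.append(("message", " ".join(words)))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_PATCH):
        print(f"{kind}: {detail}")
```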