How many users are there that use a specific user account to read
their emails on their Linux workstation ?
I don't, I use my account to read mails, write documents,
develop programs,etc. So even if a malicious program does
not do any arm to the system, it can at least destroy or corrupt my
own files and I will loose time restoru=ing from last backup and
rebuilding recently modified files.
> > I don't care if this script is dangerous or not because I will
> > never execute it,
> > or any program that I receive my email before checking its
> > contents and making sure
> > it is OK.
> > (And my mail reader will not execute anything automatically, not
> Why? Is it because you don't trust your system security? Your operating
> system shouldn't let the script do anything you don't want it to do.
Yes I trust my system security. But even the system is not affected,
since the script will run with my userid, it will be able to do everything
I am allowed to do.
> > If somebody is dumb enough to execute any program received by email,
> > don't loose time trying to find some weaknesses in the system; just
> > send him a shell script with "rm -rf /". It will do enough harm !
> That should do no harm. What you mean to say is "if somebody is dumb enough
> to execute any program recieved by email under a user account that has
> permissions to modify files he cares about, consume too many process slots,
> consume excessive vm, or has other special capabilities".
It was just a one line example. Even if does not do any harm to
system files, it will harm my own files !
BTW, how many people are positively sure that they can
run "su nobody -c rm -rf /" on their system without loosing anything ?
> > Best protection against mail virus is not technical (although it
> > may help),
> > but user education; and this is true regardless of which operating system
> > or mail reader is used !
> If a user can run code that can harm the system, then nobody who isn't
> trusted not to harm the system can be a user. That's not how we want Linux
> to be, is it?
Well, you are right; but even if a user does not harm the system,
he will harm himself and there is no way the system can protect him
against it. So we are back to my point: user protection comes from
-- Joseph Bueno NetClub/Trader.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/