Anything? How will it be prevented from being used to attack other machines
(other than attacks that require root on the attacking machine), or to relay
spam, or to act as a warez/mp3/whatever server (sure, quotas could be used,
but are they? And even if they are, does it have enough space for a few
small titles)?
And if that account is also used for mail reading, it could send your
mailbox to the attacker, delete or alter your mail, etc. It'd also have
access to a bunch of e-mail addresses that it could forward itself to.
> That should do no harm. What you mean to say is "if somebody is dumb enough
> to execute any program recieved by email under a user account that has
> permissions to modify files he cares about, consume too many process slots,
> consume excessive vm, or has other special capabilities".
And by default, even the nobody user can use virtually all the memory or
processes it wants. Even with only a few process slots, it could steal a
decent amount of CPU cycles (hmm... a distributed.net worm? :-).
> If a user can run code that can harm the system, then nobody who isn't
> trusted not to harm the system can be a user. That's not how we want Linux
> to be, is it?
If you define "harm the system" as perform any unauthorized
externally-visible (relative to the sandbox) action, then Linux is a *long*
way from achieving that.
-Scott
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/