RE: Is there something that can be done against this ???

David Schwartz (davids@webmaster.com)
Tue, 14 Aug 2001 03:00:58 -0700


> The question is not : "is this script dangerous ?",
> but "are you ready to blindly execute a shell script
> (or any program) that you receive in your mail ?".

Sure, as a user created solely for that purpose, it should be entirely
safe.

> I don't care if this script is dangerous or not because I will
> never execute it,
> or any program that I receive my email before checking its
> contents and making sure
> it is OK.
> (And my mail reader will not execute anything automatically, not
> even Javascript).

Why? Is it because you don't trust your system security? Your operating
system shouldn't let the script do anything you don't want it to do.

> If somebody is dumb enough to execute any program received by email,
> don't loose time trying to find some weaknesses in the system; just
> send him a shell script with "rm -rf /". It will do enough harm !

That should do no harm. What you mean to say is "if somebody is dumb enough
to execute any program recieved by email under a user account that has
permissions to modify files he cares about, consume too many process slots,
consume excessive vm, or has other special capabilities".

> Best protection against mail virus is not technical (although it
> may help),
> but user education; and this is true regardless of which operating system
> or mail reader is used !

If a user can run code that can harm the system, then nobody who isn't
trusted not to harm the system can be a user. That's not how we want Linux
to be, is it?

DS

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/