Tue, 2003-01-14 at 18:21, Jason Tackaberry wrote:

> It is, however, always a possibility to exploit buffer overflows in the
> Evolution to execute arbitrary code as the user running it.

How would an rfc822/2822 mail message do this? What sort of an
attachment would do this? "Click on this Linux executable and you'll be
born to heaven."

Or is Evo running as a daemon on an external interface? Or any
interface? Or would it receive streaming audio/video? 

> But let's be realistic.  Any client that accepts data off the net is
> potentially vulnerable

Yes.

> so you should be no more concerned about
> Evolution than you would be by running Mozilla, or even xmms, as
> described here:
> http://online.securityfocus.com/archive/1/306476/2003-01-11/2003-01-17/0

The last has nothing to do with Evo.

> (I'm not sure the above posting isn't a hoax, but in theory it's
> possible.  Extremely complicated, but possible.)

Course everything viable is possible.

> Basically, if you're extremely nervous, build a kernel with a
> non-executable user stack (openwall patch), and build Evolution,
> Mozilla, etc. with Stackguard if you're extra paranoid.  You could also
> sandbox Evolution.

I can see it happening :-)

> But honestly, nobody is that paranoid.  Right? :)

I'm not sure the above posting isn't a hoax. Perhaps one of the Ximian
people could give us a run down on the whole thing.

Best,

Tony

-- 

Tony Earnshaw

Paranoid

e-mail:         [EMAIL PROTECTED]
www:            http://www.billy.demon.nl




_______________________________________________
evolution maillist  -  [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution