On Fri, Mar 16, 2007 at 10:22:05PM -0400, Derek Martin wrote: > On Fri, Mar 16, 2007 at 12:40:27AM +0000, Paul Walker wrote: > > If you can modify someones personal files, the game's already over.
> Not so. At least not necessarily. So! > Say there's a (purely hypothetical) bug in Mutt which allows an > attacker to cause mutt to download an arbitrary file (perhaps actually > in an application frequently used to aid mutt in viewing mail and/or > attachments, e.g. lynx). Say the bug allows the creation of the file, > but in no way allows for the execution of code within the file. Such > bugs have existed. In that case, you get them to download an authorized_keys file for ssh... imc
