Sloan wrote:
It seems to be essentially one of the "honor system" viruses for unix,
you know the drill:
1. download the hostile executable
2. save the hostile executable somewhere appropriate
3. change the file mode to make it executable.
4. execute it with the command ./<filename>
5. hilarity ensues (or not)
Let me propose another hilarious 5-step process:
1. Read the LWN.net security page.
2. Detect how many exploits are based on data files, and not
on executables. Just last week: pax, hdr file format,
squirrelmail (read an email), xvid (look at a
video), clamav (DoS attack), gpdf, firefox (too many
bugs to enumerate), flash plugin, libgd (used in many
applications), gimp, imlib2 (image loading), libvorbis,
openoffice, xine (again, videos are cool), xpdf.
3. Stop feeling so smug.
4. Follow other exploit publications, security pages, and security
mailing lists; detect how many privilege escalation exploits
are out there. Understand that they can be triggered by remote
exploits from step 2.
5. Start feeling numb when you read all the dumb posts in this
thread that focus on executable programs that the user must
run (because this is the prominent attack vector on Windows).
It depends on your intelligence if you need to follow this through
to the end or if you realize soon enough that from "downloading and
running executables is not a relevant attack vector for Linux" does
*NOT* follow "Linux is safe". In math, this is called the
difference between equivalence and implication.
Hmm, no, sorry; your post was not hilarious. It was not even funny.
You didn't think it was insightful, did you?
Joachim
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: [EMAIL PROTECTED]
Roedermark, Germany