2009/10/17 Mathieu Bouchard <ma...@artengine.ca> > On Sat, 17 Oct 2009, András Murányi wrote: > > OK, you're all welcome to crash my pd but not to run hostile code on my >> machine. Now, we now that the code posted my Claude can eat up our RAM but >> can it write to an executable region or do other really nasty things? On the >> other hand - does a fresh copy of Vanilla or extended offer simple ways to >> run system commands? If yes, no odd stack overflow methods are needed to >> hack a system. >> > > Just [textfile] and [soundfiler] are enough to overwrite important files. A > user's most important data is typically writable, and write-protected files > are usually the files that are easy to reinstall from a DVD or whatever. And > then writability is only one half of the problem when you can have your > personal data uploaded to your enemies. >
Or a worm/rootkit set up on your box. > This also goes for any other code one runs on your system. Max by default > isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash > interpreters by default aren't any safer, and there isn't any point in > banning any of those if your four-year-old daughter still can download > random EXE files and run them. And so on. Indeed. What's worse, i download scripts from unknown dudes and run them root on a daily basis (most of them are makefiles ;o) Best way of protection is not to make anyone angry, and reading Kevin Mitnick. Andras
_______________________________________________ Pd-list@iem.at mailing list UNSUBSCRIBE and account-management -> http://lists.puredata.info/listinfo/pd-list
