BZZT... but joe blow can't delete SYSTEM FILES, or any file the he does
not own. Log on a a LUSER and try rm -rf /etc see what gets deleted. Not
a darn thing. Same for /bin /sbin etc etc etc.
My trusty vi editor can shell out, but it will only let me harm myself,
not another user or the system proper.
OTOH, I can deltree windows all day long. I wonder, should I start an
anti-virus e-mail saying that they are infected, and the only cure is to
deltree c:\windows\*.exe, thereby deleteing the virus program? How may
idiots.. opps, computer users out there would happily do it, and then brag
to thier co-works about "virus scanning" thier computers over coffee
break? hahahahahaha!
Paul D. Farber II
Farber Technology
Ph. 570-628-5303
Fax 570-628-5545
[EMAIL PROTECTED]
On 30 Mar 1999, Russ Allbery wrote:
> Paul Farber <[EMAIL PROTECTED]> writes:
>
> > Hmmm, Windows has the ability to write a script that ANYONE can run that
> > will delete the disk. Hmmm. Why should a Word Processor EVER have the
> > ability to make system calls?
>
> I assume you've deleted vi and emacs from your system? After all, they
> allow system calls. Hell, so does ed. pico allows shell escapes. What
> *do* you use for an editor?
>
> xdvi supports it because it allows you to do some cool things with
> specials. xdvi is hardly a Windows program. If I'm not mistaken,
> PostScript interpretors can support the same thing in specials. From the
> man page:
>
> -allowshell
> (.allowShell) This option enables the shell escape in PostScript
> specials. (For security reasons, shell escapes are disabled by
> default.) This option should be rarely used; in particular it
> should not be used just to uncompress files: that function is
> done automatically if the file name ends in .Z, .gz, or .bz2
> Shell escapes are always turned off if the -safer option is
> used.
>
> > It IS a MS problem, they should not allow any indescriminate user to run
> > format or del *.* . IF you don't want a child to shoot themselves,
> > don't give them a gun to play with.
>
> > UNIX/Linux has the ability to say.. "Hey, you can't do that!" with a
> > simple feature like file permissions and file ownership.
>
> Um, no. rm -rf * will delete all your files in Linux just the same way
> that del *.* will on a Microsoft operating system. Windows 95 is a
> *single user* operating system, which means that all the files on the disk
> are your files if you're sitting in front of the computer. You'll find
> that some Linux users are always logged in as root too. This is a
> mentality as much as it's a technical design.
>
> > Why hasn't MS followed suit with these basic security precaustions?
>
> Because they're building a single-user operating system. They have
> followed suit from the beginning for their *multiuser* operating system,
> Windows NT.
>
> If you don't want the user at the console to be considered God, don't use
> a single-user operating system. If you're going to bash single-user
> operating systems, at least do it equally; Macintoshes are the same way.
> It's hardly a Microsoft-specific disease.
>
> --
> Russ Allbery ([EMAIL PROTECTED]) <URL:http://www.eyrie.org/~eagle/>
>