Kai Ponte wrote:
On Thursday 07 February 2008 04:48:00 pm Wolfgang Woehl wrote:
Freitag, 8. Februar 2008 Randall R Schulz:
That is manifestly false. It takes an explicit vulnerability for this to happen. The classic one is unchecked overflow of a buffer Any given nasty application would need 1 system call to remove your homedir. Call that "unfair" or "vulnerability", whatever.
How you would run into such a nasty app is another story. But isn't saying that you couldn't a bit over-optimistic?
Okay: I've read enough of this tit-for-tat.
Here's the fact: Any OS can be vulnerable to an attack. I've actually written a sample buffer overflow that gained me (or rather my code) root access from a non-privileged account right on my SUSE 9.3 system. (I got the code from the February 2005 issue of Linux Magazine.)
The difference between Linux and the legacy OS's like Wintendo is that the buffer overflow would have a very difficult time spreading in the wild. IIRC, there was a virus released for *nix in '97 or '98 but it quickly perished.
And as I recall, the virus writer used it to patch the very same vulnerability which allowed it to work in the first place. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org