On 05/11/09 15:46, Anders Johansson wrote:
On Thursday 05 November 2009 04:44:06 Basil Chupin wrote:
huh? Every linux user knows that when he downloads an executable program, he has to do "chmod u+x" on it before he can execute it.
Until just now, I have never been told to do this :-) .
I'm starting to wonder if you're having a laugh
No, Anders, I am not "having a laugh". I have no desire nor wish to argue with you, or anyone, for whatever reason.
At no point in this advice is it said they have to su to root first. In file managers, the interface allows you to change permissions on files to your heart's content.
Ce? "To [one's] heart's content"? Surely you mean if you are the owner of the file.
well, yes
Fine. At least this one is now made clear.
So basically you are saying that when I was told, and I have told many other people same, that Linux was secure and unhackable,
There is no such thing as "unhackable". Linux is more secure, but dangers lurk everywhere
unlike our "friend", that Linux is just as vulnerable to all sorts of hank-panky if someone sat down and tried to exploit the sort of vulnerabilities mentioned here?
I haven't seen any mention of vulnerabilities in this thread
See below.
But what you're talking about now, about file permissions, is just silly. You have been on this list for a very long time, I refuse to believe that you don't know this. chmod is one of the most basic tools there are, you *must* have worked with it
Yes, I have used both CHMOD and CHOWN as *root* to 'globally' alter the settings for directories under certain instances.
Anyway, the point is that anything you can do can be done by programs executed by you. To some extent you can limit it using tools such as AppArmor, but basically, programs executed by you *are* you, as far as the kernel is concerned
The bottom line, then, is that what the OP raised about Adobe Flash is an exploitable feature in Linux, right?
The OP complained that flash stored cookies and cached objects. I didn't see any mention of any exploit or security issue.
Anders
OK, let's have a look at what the OP (Richard stated in a post a while back) and to which you did not provide a response either accepting or negating his statement: QUOTE They are not *supposed* to be executable, but there is nothing to prevent executable code from being uploaded to your machine, stored in a 'flookie' and with the cooperation of a reader like Adobe, launch the code. No, it isn't supposed to happen, but neither are worms and viruses supposed to happen. Giving hackers a way to infiltrate your machine, unimpeded and unquestioned is giving them the keys to the machine. It is inevitable that one will use it to start their destructo mechanisms. UNQUOTE The thought in my mind, then, is, "Does a vulnerability in Linux exist?". A straightforward question, and from what Rajko mentioned, in his last post here, has only added to my concern about this matter. A simple concern, requiring a simple answer and without any comments about how long I have been on this mail list, et alia and et alia. BC -- The chief cause of problems is solutions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org