On Tuesday 17 December 2002 16:40, Clayton Cornell wrote:
If you are a TOTAL RAVING LOON ENOUGH TO RUN A BINARY just anyone sends you, then it could very easily do almost anything to your system including erase all the files or even clobber all your partitions.
Nope. Only if your are stupid enough to run it as root. If you are stupid enough to do this as root, you get what you deserve. This is simular to the evolution theory, survial of the fittest <grin>.
I agree, but the point is, when you run into the situation where you have a user who views his/her computer as an appliance (like a toaster) and doesn't have the knowledge (or aren't smart enough) about the effects of running just any binary... well you end up with the same situation in Linux as the world currently has with Windows.... 75% of the malicious code called virii is just plain user ignorance. I was wondering if that same thing could potentially happen in Linux with a less than smart user.
Nope. If the system administrator knows his job and relies on the *standard* unix protection, i.e. user -group-other, only the user files can be tampered with.
The main thing about Linux is that it doesn't tend to run anything without someone actually giving a command to run it... as opposed to Winders, where things get run automatically by Outlook Express, or Exel, or any of the other goodies that Billy did so well at writing.... Macros, etc.. that are also hidden.
Party true. But if it runs anything, it runs it as the user. With modern unix systems which uses KDE or GNOME, this is not true anymore. (I mean: automaticaly startup of programs when the window manager starts.)
This is what saves the dumb user in Linux.. no auto run scripts unless you make it autorun (eg crontab).
Nope. A user is never protected form its own stupidity. If a system doen't allow you to do stupid things, it automatically disallows you to do smart things. The *system* is protected, never the user.
Anyway Ole's comments about NSA inux gives me something I can go research.
C.
Don't bother. Rely on the standard unix protection. It has been enough for over 30 years. Regards, Cees.