Mailinglist Archive: opensuse (2225 mails)

< Previous Next >
Re: [opensuse] Scary enough for Halloween...
  • From: Anders Johansson <ajohansson@xxxxxxx>
  • Date: Thu, 5 Nov 2009 07:11:54 +0100
  • Message-id: <200911050711.54386.ajohansson@xxxxxxx>
On Thursday 05 November 2009 06:56:54 Basil Chupin wrote:
The thought in my mind, then, is, "Does a vulnerability in Linux exist?".

A straightforward question, and from what Rajko mentioned, in his last post
here, has only added to my concern about this matter.

The straight-forward response is no, this does not in any way imply a
vulnerability in linux. There may or may not be bugs in flash that would allow
things like that to happen, but so far I haven't heard of any.

The point is that if there is a bug in a piece of software, there will also be
a way to exploit it, and this ranting about cookies and caches is a complete
red herring. Virtually no servers that have exploits allow data to be
uploaded, and yet through exploited bugs code can be, and then executed. If
there is a bug present, hackers rarely need any help to get their code onto
your machine..

Besides which, flash in itself already means you are executing code on your
machine, whether it is the adobe/macromedia player, or gnash, or something
else. It runs in a sandbox as with all other virtual machines that execute
code, such as java, dotnet or PDF/postscript (yes, that is also code that gets
executed), so if there is a bug that would allow malicious behaviour, the lack
of a local cache will not help you in any way

Anders
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups