On Thu, 2009-11-05 at 07:11 +0100, Anders Johansson wrote:
On Thursday 05 November 2009 06:56:54 Basil Chupin wrote:
The thought in my mind, then, is, "Does a vulnerability in Linux exist?".
A straightforward question, and from what Rajko mentioned, in his last post here, has only added to my concern about this matter.
The straight-forward response is no, this does not in any way imply a vulnerability in linux. There may or may not be bugs in flash that would allow things like that to happen, but so far I haven't heard of any.
The point is that if there is a bug in a piece of software, there will also be a way to exploit it, and this ranting about cookies and caches is a complete red herring. Virtually no servers that have exploits allow data to be uploaded, and yet through exploited bugs code can be, and then executed. If there is a bug present, hackers rarely need any help to get their code onto your machine..
Besides which, flash in itself already means you are executing code on your machine, whether it is the adobe/macromedia player, or gnash, or something else. It runs in a sandbox as with all other virtual machines that execute code, such as java, dotnet or PDF/postscript (yes, that is also code that gets executed), so if there is a bug that would allow malicious behaviour, the lack of a local cache will not help you in any way
Anders
What rock have you been living under? The original points are completely valid. The problem exists in all closed source software and is a problem in many ways besides security or privacy concerns, it's a plain, perpetual technical problem too. Witness the perpetual problems with video drivers just for one of many examples. I have several others particular to me since my company must use several commercial apps that run on linux, which our ASP business lives on top of, which in turn all our customers businesses live on top of since our app is central to their businesses. Each of these apps has various problems which I must simply suffer with and work around and apologize to the users about. Actually fixing them is not within my power. If the code were available to me yes in fact I COULD either fix them, or at least diagnose them completely and devise a palliative that is actually reliable, or present my findings to some hired gun better coder than me to address. Several of my most pain in the neck problems I know would actually be such trivial changes I could do them myself in 10 minutes. I'm not even relying on the magic of "someone would fix it sooner or later". But that is not an invalid statement at all even if I were relying on that. It's demonstrable many times over in countless pieces of software by now. It's an established and proven fact of history. Not an empty wish that has no weight as an argument. The fact that most individuals do not have the time (even if they had the interest and the ability) to become hackers in their own right, software developer and kernel hacker gurus such that they are actually more powerful than all other hackers, just so that they can personally and completely audit every line of code that executes on their machine IN NO WAY invalidates the difference in quality and safety between ANY closed source binary and ANY open source program. The difference between available and not-available, visible and not-visible, possible and not-possible, is all the difference in the world. It's a demonstrated thing already and far beyond any shred of a doubt or question. It's a no-brainer. If you don't know the answer to his ACTUAL QUESTION, which wasn't "Is Adobe flash plugin harmful?" it was "What if any open source alternatives to Adobe Flash plugin are there?", then either say that, or better yet say nothing. -- bkw -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org