Joachim Schrod wrote:
Sloan wrote:
It seems to be essentially one of the "honor system" viruses for unix, you know the drill:
1. download the hostile executable 2. save the save the hostile executable somewhere appropriate 3. change the file mode to make it executable. 4. execute it with the command ./<filename> 5. hilarity ensues (or not)
Let me propose another hilarious 5-step process:
1. Read the LWN.net security page.
2. Detect how many exploits are based on data files, and not on executables. just last week: pax, hdr file format, squirrelmail (read an email), xvid (look at a video), clamav (DoS attack), gpdf, firefox (too many bugs to enumerate), flash plugin, libgd (used in many applications), gimp, imlib2 (image loading), libvorbis, openoffice, xine (again, videos are cool), xpdf.
Of course, there are bugs and security holes everywhere, but you seem to have lost perspective - an important point is the severity of the "exploit". There is a big difference between "potential race condition resulting in a possible information leak" and the sort of complete machine takeover that is common in the windows world.
3. Stop feeling so smug.
You deleted my last paragraph, so I'll repeat it here: "Not to be cocky, there is some danger here, but it's a far cry from the ease with which windows systems are regularly pwned with no effort whatsoever on the part of the hapless user." <snip>
Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't thought it was insightful, did you?
I suppose it was about as hilarious as this posting of yours. Insightful? I never really thought of pointing out the obvious as being insightful, why do you ask? Joe -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org