Sloan wrote:
It seems to be essentially one of the "honor system" viruses for unix, you know the drill:
1. download the hostile executable
2. save the hostile executable somewhere appropriate
3. change the file mode to make it executable.
4. execute it with the command ./<filename>
5. hilarity ensues (or not)

Let me propose another hilarious 5-step process:

1. Read the LWN.net security page.
2. Detect how many exploits are based on data files, and not on executables. Just last week: pax, hdr file format, squirrelmail (read an email), xvid (look at a video), clamav (DoS attack), gpdf, firefox (too many bugs to enumerate), flash plugin, libgd (used in many applications), gimp, imlib2 (image loading), libvorbis, openoffice, xine (again, videos are cool), xpdf.
3. Stop feeling so smug.
4. Follow other exploit publications, security pages, and security mailing lists; detect how many privilege escalation exploits are out there. Understand that they can be triggered by remote exploits from step 2.
5. Start feeling numb when you read all the dumb posts in this thread that focus on executable programs that the user must run (because this is the prominent attack vector on Windows).

It depends on your intelligence if you need to follow this through to the end or if you realize soon enough that from "downloading and running executables is not a relevant attack vector for Linux" does *NOT* follow "Linux is safe". In math, this is called the difference between equivalence and implication.

Hmm, no, sorry; your post was not hilarious. It was not even funny. You didn't think it was insightful, did you?

Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod                          Email: jschrod@acm.org
Roedermark, Germany