Wolfgang Woehl wrote:
James Knott:
If I run some malicious piece of software, the contents of my home directory may be at risk, along with other files I have write permissions for, but not much else.
There you are. Loosing /home/user/* would pretty much make any persons day except Captain Backup's.
While true, there's no benefit of it to the typical virus-writer. The typical virus and trojan author is attempting to hijack a machine for the purpose of turning it into a spam-zombie or to be part of a DoS attack net. Mucking around in a user's home directory doesn't help them achieve those goals at all.
There is no widely-used mechanism in place that would prevent any application you run from opening network sockets,
So? Open all the sockets under my user ID that you want. It doesn't hurt me at all, other than taking space in the file-handle table.
having rwx access to what you own including hardware etc. Not that most apps would need all these privileges.
Again, the most serious problem here is loss of data, which should be backed up anyways. It's NOT going to corrupt your system and force a whole reformat+install+configure like on Windows.
The mechanisms exist though, they're just not used widely: Various acccess control models (sandboxing, apparmor). There's a reason these exist.
Randall, Sloan, James: You know all this. All of you mentioned sets of things people need to be careful about. Like strong passwords, updating, establishing trust between a user and the community he/she depends on, not being a fool etc. Right on. "I click anything because I'm on linux" just doesn't fit in.
So, again, and concluding as I seem to have said my share: Don't advocate carelessness. It's inherently dangerous in the long run. That's not much to ask is it?
There's no BENEFIT to writing malware that attacks a USER ACCOUNT on a Linux or Unix machine.
Wolfgang
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org