Wolfgang Woehl wrote:
Aaron Kulkis:
Sloan wrote:
Philippe Landau wrote:
I almost never click on a tinyurl as i don't know what it hides. I'm a linux user, I click on anything i feel like, without fear or viruses or spyware ;) Same here.
Security by insignificance? I'd consider getting rid of that habit whenever it will be judged by interested parties that linux desktops now ranged in the significant amounts. Or your specific box gets to be judged significant.
Linux being based on Unix incorporates the Unix security model. The Unix security model EXPECTS hostile code to be run on the system. The design is for a multi-user system, and even assuming that all users are both legitimate AND use the system in good faith, it assumes that not all programmers are perfect, and that accidents DO in fact happen. That's what all of the read/write/execute permissions are about. And THAT is what keeps me and my system safe.
The notion that malware on linux was technically not feasible is highly irrational. I think experienced senior linux users shouldn't keep on spreading this deceptive mantra. You should know better.
The primary threat is the buffer-overflow problem, which was demonstrated so devastatingly in 1987 by the Morris Worm. We learned our lessen then about the use of strcat() instead of strncat(), and other similarly unlimited writes into stack space (or other memory for that matter).
Malware is not entirely about root, remember? John Doe user accounts with dsl pipes, privacy breaches, Apps-can-do-all etc. You know the list.
All of which STILL execute within the chains of R/W/X permissions. That's WHAT THEY ARE THERE FOR.
I think it'd be good long-term practice to rather gossip about sound and decent security awareness. On any desktop.
You truly don't know what you're talking about. Go buy AND READ "The Design of the Unix Operating System" by Maurice J. Bach. I paid $80 or so for the 3rd edition in the 1980's. Used copies of the 4th edition are now available for the paltry sum of $15 or so.
Be good, Wolfgang
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org