LUGOD: Linux Users' Group of Davis
Page last updated:
2002 Apr 25 16:43

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Linux's Vulnerability to E-mail Viruses

On Wed, Apr 24, 2002 at 10:00:56PM -0700, Micah Cowan wrote:
> On Wed, 2002-04-24 at 21:21, Richard S. Crawford wrote:
> > I'm operating under the assumption that while viruses for Linux that
> > spread like Windows viruses are very rare, there are still some out
> > there.
> > 
> > So, given that, what level of vigilance is necessary against incoming
> > viruses in a Linux system?
> 
> ...Linux has no problems of this sort, for the simple reason that nobody
> has been stupid enough to write mail clients which are capable of
> automatically running executables.

  I'm not sure I agree about open-software developers 'not being stupid
enough to automatically run executables'... from the angle that most
open-software programs have a few buffer overrun bugs, and depending
on exactly how the overrun is arranged, many of these are as good as
"execute the following machine instructions for me please", when in the
hands of someone intimately familiar with the target environment.


  There have been a number of bugs in mail handling components which
translate to automatic stack overflows in the system.  Bugs in
fetchmail, procmail, and mutt all come to mind.  Although I don't think
any proof of concept demos were created.

  There are also some very user-friendly email clients which may not
ship with the option on, but can be asked to automatically open
files of certain MIME types with a specific program.  If the processing
program (like xpdf, mozilla, etc.) has *ANY* stack overflow from input
file style bugs, this would also provide an automatic method into
the machine for users of those clients.

  Until all programming switches to languages or environments which
remove overrun possibilities, there will always be a risk.

   Later,
     Mike

(java is *not* the solution... but perl might be ;)
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
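
The kind of overrun the post above describes in mail-handling code, as an added C example (not part of the original post, and not code from fetchmail, procmail or mutt). The function names, the `SUBJECT_MAX` limit and the sample header lines are all constructed for illustration; it shows an unchecked header copy beside a bounded one that rejects oversized input.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SUBJECT_MAX 64              /* constructed limit for this example */

/* Case-insensitive test for a leading "Subject:" header name. */
static int is_subject(const char *s)
{
    const char *h = "subject:";
    for (; *h; h++, s++)
        if (tolower((unsigned char)*s) != *h) return 0;
    return 1;
}

/* Unsafe pattern, shown for contrast: the sender controls the length, so a
 * long value is written past buf and over adjacent stack data. Nothing in
 * this example calls it with oversized input. */
int subject_unsafe(const char *line, char buf[SUBJECT_MAX])
{
    if (!is_subject(line)) return -1;
    strcpy(buf, line + 8);          /* no length check */
    return 0;
}

/* Bounded version: 0 on success, -1 if the line is not a Subject header,
 * -2 if the value does not fit (rejected, not silently truncated). */
int subject_bounded(const char *line, char *out, size_t outlen)
{
    const char *v;
    size_t n;

    if (outlen == 0 || !is_subject(line)) return -1;
    v = line + 8;
    while (*v == ' ' || *v == '\t') v++;            /* skip leading blanks */
    n = strcspn(v, "\r\n");                         /* value ends at CR/LF */
    if (n >= outlen) { out[0] = '\0'; return -2; }  /* would overrun out */
    memcpy(out, v, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char big[400] = "Subject: ";    /* constructed oversized header */
    char out[SUBJECT_MAX];

    memset(big + 9, 'A', 300);      /* rest of big stays zero-filled */
    printf("short: %d\n", subject_bounded("subject: hi\r\n", out, sizeof out));
    printf("long:  %d\n", subject_bounded(big, out, sizeof out));
    return 0;
}
```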


