Re: Fedora 18 security questions.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Am 22.03.2013 03:39, schrieb Sam Varshavchik:
> Reindl Harald writes:
> 
>> Am 22.03.2013 00:56, schrieb Sam Varshavchik:
>> > Even let's hypothetically say there's an exploit in Firefox that can be used to inject executable code, through a
>> > malicious web page, once running the code will have no way to overwrite Firefox's binary executable, and implant
>> > itself in Firefox, or any other operating system executable. As soon as you log out or reboot, it's gone. The
>> scope
>> > of the damage is limited to wiping files in your home directory, and that's about it
>>
>> this as a very naive point of view
>> you do not need to change system-binaries
>>
>> it is enough to place you executeable in the userhome, start
>> it with the desktop and let connect it to a remote-server to
>> have a shell and break any privacy of the user
>>
>> how many users would recognize such intrusion?
> 
> How many users will see some mysterious unknown executable on their desktop, and automatically execute it?

are you really that naive?
why do you think it needs to be on the desktop and manually started?
~/.config/autostart/your-damned-code.desktop

> the damage is limited to wiping files in your home directory,
> and that's about it

and BTW - the system can be reinstalled easily, you work data
are not on a public mirror or install ISO

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux