Am 22.03.2013 03:39, schrieb Sam Varshavchik: > Reindl Harald writes: > >> Am 22.03.2013 00:56, schrieb Sam Varshavchik: >> > Even let's hypothetically say there's an exploit in Firefox that can be used to inject executable code, through a >> > malicious web page, once running the code will have no way to overwrite Firefox's binary executable, and implant >> > itself in Firefox, or any other operating system executable. As soon as you log out or reboot, it's gone. The >> scope >> > of the damage is limited to wiping files in your home directory, and that's about it >> >> this as a very naive point of view >> you do not need to change system-binaries >> >> it is enough to place you executeable in the userhome, start >> it with the desktop and let connect it to a remote-server to >> have a shell and break any privacy of the user >> >> how many users would recognize such intrusion? > > How many users will see some mysterious unknown executable on their desktop, and automatically execute it? are you really that naive? why do you think it needs to be on the desktop and manually started? ~/.config/autostart/your-damned-code.desktop > the damage is limited to wiping files in your home directory, > and that's about it and BTW - the system can be reinstalled easily, you work data are not on a public mirror or install ISO
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
