On Sun, 19 Jan 2003 14:58:41 -0800 "zhiren" <zhiren@bigvalley.net> wrote: > Really interesting! Let me prove it, so you can see it for yourself: > > 1. Let's create a file name asdf in your home folder; > 2. Then (1) start OpenOffice, (2) Alt-T-M to open the macro dialog, > and enter this code: > Sub AViciousCode > Shell( "rm -rf ./asdf",2) > end sub > 3. Now run it to see your asdf file has gone! Nothing strange about that. > The rest is just limited by our imagination of what we can really > viciously do with this kind of code [if you're familiar with VBA you > surely know what I'm talking about]. Imagine you as a root or admin > in your office are feeling so bored, so you check out your mail box > and receive a MSWord or OOWord file with an eye-catching & bombastic > subject like: "At last Linus gives it up!! Start to work for > Microsoft by June 2003". Then you open it without knowing that the > file has "rm -rf /" code, because isn't that true that the Linux > Community is full of nice people only!? Then as you are reading the > shit..., your system file evaporates to the heaven of bytes forever! Well, only an idiot admin would run OO as root, or accept mail as root. Root's email should be aliased to the actual system admin's account, not root. One should _never_ run X or anything like that as root. It's just plain stupid. Linux can't protect a user from their own stupidity. > What we see from this demo actually is two thing: first is how > powerful & useful OpenOffice can be as a tool for automating our > work; and at once how potentially dangerous it can be if there is a > bastard wants to f_ck with that. Only dangerous to the idiot admin. > So, pessimistacally speaking: be careful; but positively speaking: do > replace M$Office in your computing environment...:) -- Jesse Keating RHCE MCSE For Web Services and Linux Consulting, Visit --> j2Solutions.net Mondo DevTeam (www.mondorescue.org) Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating -- Psyche-list mailing list Psyche-list@redhat.com https://listman.redhat.com/mailman/listinfo/psyche-list
