[linux-elitists] Re: HTML in e-mail
Karsten M. Self
Mon Aug 25 16:07:31 PDT 2003
on Mon, Aug 25, 2003 at 03:50:50PM +0000, Jason Lunz (firstname.lastname@example.org) wrote:
> email@example.com said:
> > Hell, I use antiword, pstotext, and a bunch of other apps to
> > make zork turn ALL big ugly incoming attachments into plain text. If
> A point nobody seems to have mentioned is that automatically feeding
> every type of weird format that anyone might possibly send you into some
> kind of translator is a huge security risk. It may not be a big issue if
> folks like you do it here and there (well, unless someone's attacking
> you specifically). But if that kind of setup were to become
> widespread (say, as part of a RedHat default install), then it would
> only take one buffer overflow in some common translator to make a pretty
> good email worm akin to these ugly Outlook ones. You wouldn't even need
> to open the mail if you had procmail or your MTA translating on
> delivery. And how closely do things like antiword or pstotext get
> security audited?
> This is what I think of whenever people get all smug about linux not
> having a virus/worm problem. The time may not be ripe yet, but when
> desktops get so "integrated" that the system is "smart" enough to find
> the right handler for all kinds of attachments, it'll only be a matter
> of time.
> or maybe I'm paranoid. But a linux email worm wouldn't need root to
But the problems with the MS LookOut Automated Virus Propagation System
_aren't_ buffer overflows. It's mandated automatic execution of
_Most_ GNU/Linux handlers are _not_ randomly executing untrusted
content. Outside of sandboxes. With root / administrator privileges.
This _is_ the case in legacy MS Windows.
I do share some of your apprehension. I feel there's still an order or
two of magitude (sic) difference between the GNU/Linux and legacy MS
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Office Despot: Office Depot embraces Microsoft XP logo requirement.