[linux-elitists] Re: HTML in e-mail

Jason Lunz lunz@falooley.org
Tue Aug 26 11:15:18 PDT 2003

kmself@ix.netcom.com said:
> But the problems with the MS LookOut Automated Virus Propagation
> System _aren't_ buffer overflows.

true, but unrelated to my point.

> It's mandated automatic execution of untrusted content.

This is also true, but is just a technical difference. In practical
terms, it doesn't matter whether the mechanism used by a worm is user
idiocy or an attachment handler overflow. The end result is the same.

> _Most_ GNU/Linux handlers are _not_ randomly executing untrusted
> content.  Outside of sandboxes.  With root / administrator privileges.
> This _is_ the case in legacy MS Windows.

I agree, but this addresses an analogy I wasn't making.  I was
responding to someone who advocated just using mime handlers to gloss
over the problems inherent in receiving email from abusers of mime
attachments (html mail included).

> I do share some of your apprehension.  I feel there's still an order
> or two of magitude (sic) difference between the GNU/Linux and legacy
> MS Windows cases.

agreed. I just wish more attention were paid to the entire security
perimeter of a machine. For most workstations, this means everything
that processes possibly hostile data.  That is, not just its network
services, but everything that handles an email, a web page, or anything
embedded in a web page or handed off to a mime handler.

Look at the recent Windows hole caused by an overflow in the parsing of
midi headers. How confident are you in the security hardening of your
midi player? Of the hackers who can do competent security audits, how
many do you think devote their time to the universe of oddball
mime handlers in /etc/mailcap?

Modern linux machines do a great job of disabling or firewalling network
services, but the email/web data handling is just porous by comparison.
It's similar to the divide between user and root access on a machine:
mostly nonexistent. It seems to be a dirty little secret that on the
majority of linux machines, having access to a user account is
equivalent to having root.

I don't want to come off too harsh--most of the problems I'm talking
about are easily avoided if you're aware of them. But if the next few
years see the rise of the linux desktop, these are the places where
linux in the hands of ordinary users will give rise to worms just as
ugly as some of the MS ones that have been around.
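
Added example, not part of the original message: a Python sketch that inventories which programs a mailcap file hands untrusted content to, as a starting list for the kind of handler audit discussed above. It parses RFC 1524 mailcap syntax; the sample entries are constructed and the function names are hypothetical.

```python
import shlex
from collections import defaultdict

# Constructed sample in mailcap (RFC 1524) syntax, not from a real system.
SAMPLE_MAILCAP = r"""
# constructed entries for illustration
text/html; lynx -dump %s; copiousoutput; \
    description=HTML text
audio/midi; timidity %s
audio/x-midi; timidity %s
audio/*; xmms %s; test=test -n "$DISPLAY"
application/x-sh; sh -c 'cat %s \; true'
"""

def split_fields(line):
    """Split an entry on ';', leaving backslash-escaped characters intact."""
    fields, cur, i = [], "", 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur += line[i:i + 2]
            i += 2
            continue
        if line[i] == ";":
            fields.append(cur.strip())
            cur = ""
        else:
            cur += line[i]
        i += 1
    fields.append(cur.strip())
    return fields

def handler_inventory(text):
    """Map each handler program to the MIME types routed to it."""
    inventory, pending = defaultdict(set), ""
    for raw in text.splitlines():
        line = (pending + raw).strip()
        pending = ""
        if line.endswith("\\"):          # entry continues on the next line
            pending = line[:-1]
            continue
        fields = split_fields(line)
        if line.startswith("#") or len(fields) < 2 or not fields[1]:
            continue
        program = shlex.split(fields[1])[0]   # argv[0] of the view command
        inventory[program].add(fields[0].lower())
    return {prog: sorted(types) for prog, types in inventory.items()}

if __name__ == "__main__":
    for prog, types in sorted(handler_inventory(SAMPLE_MAILCAP).items()):
        print(f"{prog}: {', '.join(types)}")
```

Passing the contents of /etc/mailcap or ~/.mailcap to handler_inventory() gives the same listing for a real machine; wildcard types such as audio/* mark handlers that receive every subtype.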


