Fedora 18 security questions.

Reindl Harald h.reindl at thelounge.net
Fri Mar 22 00:36:23 UTC 2013


Am 22.03.2013 00:56, schrieb Sam Varshavchik:
> Even let's hypothetically say there's an exploit in Firefox that can be used to inject executable code, through a
> malicious web page, once running the code will have no way to overwrite Firefox's binary executable, and implant
> itself in Firefox, or any other operating system executable. As soon as you log out or reboot, it's gone. The scope
> of the damage is limited to wiping files in your home directory, and that's about it

this as a very naive point of view
you do not need to change system-binaries

it is enough to place you executeable in the userhome, start
it with the desktop and let connect it to a remote-server to
have a shell and break any privacy of the user

how many users would recognize such intrusion?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130322/ad53c5ad/attachment.sig>


More information about the users mailing list