Fedora 18 security questions.
Sam Varshavchik
mrsam at courier-mta.com
Fri Mar 22 02:39:52 UTC 2013
Reindl Harald writes:
> Am 22.03.2013 00:56, schrieb Sam Varshavchik:
> > Even let's hypothetically say there's an exploit in Firefox that can be
> used to inject executable code, through a
> > malicious web page, once running the code will have no way to overwrite
> Firefox's binary executable, and implant
> > itself in Firefox, or any other operating system executable. As soon as
> you log out or reboot, it's gone. The scope
> > of the damage is limited to wiping files in your home directory, and
> that's about it
>
> this as a very naive point of view
> you do not need to change system-binaries
>
> it is enough to place you executeable in the userhome, start
> it with the desktop and let connect it to a remote-server to
> have a shell and break any privacy of the user
>
> how many users would recognize such intrusion?
How many users will see some mysterious unknown executable on their
desktop, and automatically execute it?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130321/27e7a2ec/attachment.sig>
More information about the users
mailing list