Fedora 18 security questions.

[Sam Varshavchik]

Reindl Harald writes:

>
>
> Am 22.03.2013 03:39, schrieb Sam Varshavchik:
> > Reindl Harald writes:
> >
> >> Am 22.03.2013 00:56, schrieb Sam Varshavchik:
> >> > Even let's hypothetically say there's an exploit in Firefox that can be  
> used to inject executable code, through a
> >> > malicious web page, once running the code will have no way to overwrite  
> Firefox's binary executable, and implant
> >> > itself in Firefox, or any other operating system executable. As soon as  
> you log out or reboot, it's gone. The
> >> scope
> >> > of the damage is limited to wiping files in your home directory, and  
> that's about it
> >>
> >> this as a very naive point of view
> >> you do not need to change system-binaries
> >>
> >> it is enough to place you executeable in the userhome, start
> >> it with the desktop and let connect it to a remote-server to
> >> have a shell and break any privacy of the user
> >>
> >> how many users would recognize such intrusion?
> >
> > How many users will see some mysterious unknown executable on their  
> desktop, and automatically execute it?
>
> are you really that naive?
> why do you think it needs to be on the desktop and manually started?
> ~/.config/autostart/your-damned-code.desktop

When you have some free time, you may want to read the rest of what I wrote,  
in that message.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130322/78a0cfa6/attachment.sig>