Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.



>>>>> "Vladimir" == Vladimir Vukicevic <vladimir ximian com> writes:

    > On 23 May 2001 18:26:14 -0400, Miguel de Icaza wrote:
    >> Note that this will happen right now anyways, as .desktop files
    >> do not need to have the execute bit set.

    > Right, so why make the problem worse?

The fix my friend is to make irc clients not auto-accept data.
auto-dcc-accept can lead to DoS attacks.  You just dcc /dev/null and
fill someone's quote or disk space.  There you go.

So fix the problem at the source. 

    > The windows ILOVEYOU scenario included many many reports of
    > people receiving emails which said "do not open email called
    > iloveyou", but they did anyway because it was "from someone they
    > knew".  Not being able to execute simple programs like this
    > trivially puts a barrier in place so that only people who are
    > qualified to execute said program are able to.  

Well, if you want total security, dont let any software ever
downloaded from the network be executed.  Turn off java, javascript
in your browser, do not trust red carpet (after all, DNS attacks are
possible), do not trust http://go-gnome.com, and if we are in that
path, how can you trust all the code that is included in an open
source operating system?  

Have you read all the source code?  How can you know that the binaries
do not contain holes?  How do you know the binary matches the source?
Or how do you know that the compiler does not contain a hole that adds
holes as described by Thompson in `Reflections of Trustring Trust'?

    > The qualification is rather low, but sadly, as evidenced by the
    > Windows virii, a large number of users apparently aren't
    > "qualified".

No virus so far has become `popular' spread through people downloading
software and double clicking on a file.  It has happened through mass
distribution systems like e-mail.

Miguel.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]