Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
s. keeling wrote:
> No, I assume people have half a brain in their heads, look at the
> attachment type, maybe save it to a file and inspect it, then maybe
> look at it or delete it. Too much work?
Whether it's too much work or not, most non-geeks I know don't bother.
> Okay, slap a lot of autoload
> crap in your .mailcap and watch your system disappear. You don't
> _have_ to look at an attachment if you don't trust it.
I know, but if it looks like a text document to a newbie, they probably would
open it anyway.
I'm just suggesting that it should be harder for them to shoot themselves in the
foot i.e. by making .desktop's have the x bit before they can be launched.
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$
UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K-
w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-)
b++(+++)@ DI? D? G e->++++ h* r? z*
------END GEEK CODE BLOCK------
David Mandelberg
mandelbergd@eth0.is-a-geek.org
Reply to: