Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
s. keeling wrote:
> Incoming from Moe:
>
>>Martin Schulze wrote:
>>
>>> Part 1 Type: C
>>> Encoding: 8bit
>>
>>After all these months/years of warnings to NEVER open email
>>attachments, why are you sending attachments instead of in-line?
>
>
> People who don't use stupid Windows email clients have no trouble with
> attachments at all. Attachments are a very useful tool; for instance,
> for code listings, they arrive unmangled by line wrap.
>
> Get a better email client, running on a better OS.
Do you mean to say that opening "message.txt\t\t\t.desktop" which happens to be
a freedesktop.org compliant launcher for the program "rm -rf $HOME" is safe
because it's designed for people running one of the F/OSS products GNOME or KDE
on a F/OSS OS?
I agree that not opening any attachments is counter-productive and shows
paranoia, but we shouldn't feel that just because F/OSS is better than e.g. MS
Windows it's infinitely better.
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$
UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K-
w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-)
b++(+++)@ DI? D? G e->++++ h* r? z*
------END GEEK CODE BLOCK------
David Mandelberg
mandelbergd@eth0.is-a-geek.org
Reply to: