Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
From: "s. keeling" <keeling@spots.ab.ca>
Date: Tue, 18 Jan 2005 22:07:38 -0700
Message-id: <[🔎] 20050119050738.GA1948@infidel.spots.ab.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20050119043450.GI3376@linuxmafia.com>
References: <m1CqprA-000omSC@finlandia.Infodrom.North.DE> <[🔎] 41EDD095.5218B68F@patriot.net> <[🔎] 20050119022735.GA728@infidel.spots.ab.ca> <[🔎] 41EDCDC8.3090507@eth0.is-a-geek.org> <[🔎] 20050119030640.GG3376@linuxmafia.com> <[🔎] 20050119042842.GD1479@infidel.spots.ab.ca> <[🔎] 20050119043450.GI3376@linuxmafia.com>

Incoming from Rick Moen:
> Quoting s. keeling (keeling@spots.ab.ca):
> 
> > Well, even mutt will, if you turn on autoload crap in .muttrc and load
> > up your .mailcap with stupid helper apps.
> > 
> > Out of the box, no, mutt doesn't do that.
> 
> Ja.  We might call the .mailcap scenario the "aim-gun-at-my-foot-please" 

Ha!

The problem here is the nitwit factor.  Nitwits who are deathly afraid
of having to think about what to do with some obscure file format, want
their app/OS to just fscking handle it and do the right thing.  Well,
what app/OS is well known for that sort of behaviour?  And what are the
generally expected repercussions?  Oh yes.  Lookout! and Internet
Exploder, and consequently enabled viruses, worms, trojans, spambots,
spyware, ...

I say again to the original poster, get a better MUA, running on a
better OS.  I've no sympathy for your present situation.  Attachments
are a valuable feature that your system is unable to take advantage
of.  We don't have that problem here.  That's why we run Debian.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)    http://www.spots.ab.ca/~keeling      Please don't Cc: me.
- -

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: Rick Moen <rick@linuxmafia.com>

References:
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: Moe <moel@patriot.net>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: David Mandelberg <mandelbergd@eth0.is-a-geek.org>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: Rick Moen <rick@linuxmafia.com>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)
Next by Date: Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Previous by thread: Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Next by thread: Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Index(es):
- Date
- Thread