Re: unix and email viruses
On Sun, Mar 02, 2008 at 05:01:06PM -0800, Andrew Sackville-West wrote:
> On Sun, Mar 02, 2008 at 04:32:26PM -0800, David Fox wrote:
> > On 3/2/08, Andrew Sackville-West <email@example.com> wrote:
> Anyway, that's the whole point of an exploit -- providing some
> _thing_, data or code, that causes a privilege escalation. It doesn't
> have to be a helper running as root, just a helper that can be
> exploited in some manner to get a root escalation. At least that's
> what I understand.
Do the standard virus checkers (is it ClamAV?) find such problems before
an exploit in mutt/helper is found or fixed?
I never read email from X, always from a VT (or a vt520). If something
comes in from someone I don't know and it contains an image, I delete
it; if it contains html, I read it myself and if I'm really curious I'll
open it with lynx when disconnected from the internet (I'm on dialup).
Any other attachements from people I don't know get deleted too. If I
get an unknown attachement from someone I do know, I'll send them a note
saying "what is this?".
I never read mail as root, it all gets redirected to me, dtutty. OTOH,
dtutty is in lots of groups: ssh, adm, staff so something nasty could do
use the user dtbrowser which is in no special groups and has nothing
secret in /home/dtbrowser.