Am 2008-03-02 16:32:26, schrieb David Fox:
> On 3/2/08, Andrew Sackville-West <andrew@farwestbilliards.com> wrote:
>
> > The potential hole I see in mutt is not actually a hole in mutt but in
> > various helpers used by mutt users. For example, many of us use w3m or
> > links or some other text browser to dump html messages to plain text
>
> For that to work, various helper apps would have to be run as root or
> with root privileges. Normally i would not suspect a pic or other
> 'data' to try and be executable anyway.
Not realy, it is already enough, IF the "virus" can save something
executable in your ${HOME} and install a cron/at job for example...
Your system would be transformed into a Zombie sending out spams or
use your ~/.public_html (if a webserver is installed) to serv
pharmaceutical sites...
This IS already enough to create damages...
There is absolutly nothing which requires root previlegs.
Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
Attachment:
signature.pgp
Description: Digital signature