Re: [Evolution] Security Issues

[Jeffrey Stedfast <fejj helixcode com>]

I'd say one of the best lines of defense that we have is that Evolution will
not be integrated into your system like Outlook/Express are in Windows.
This means that a hostile email can't corrupt stuff on your system, it
might crash Evolution but that'd be the worst it could do.

You *will* still have to be careful about running shell scripts/executables
that come as attachments though, however we will probably have Evolution
save them to disk with your default file permissions (which for the average
user is 644 - meaning the average user will NOT be able to just run these
programs; they'll have to chmod them first).

Obviously there will still be dangers. Even using a mailer like pine or elm
you have to be careful about running attachments.

Hopefully Miguel or someone will answer your question with a little more
detail than I have, but I hope my answer has answered at least most of your
questions.

Jeff

On Mon, 17 Jul 2000, Joe Barr wrote:
> Date: Mon, 17 Jul 2000 11:18:51 -0500
> To: evolution helixcode com
> From: Joe Barr <warthawg blackhat net>
> Reply-To: warthawg blackhat net
> Subject: [Evolution] Security Issues
>
>
>
> How will the way Evolution handles scripts/html/executables
> be different than that of Outlook/Outlook Express?  Or will
> Evolution users be just as exposed to the ravages of user
> hostile mail as Windows users?
>
>
> See ya,
> Joe Barr
>
>
>
>
>
> -- 
> +==============================================+
> | "Hoping the problem goes away by ignoring it |
> | is 'the Microsoft approach to programming'   |
> | and should never be allowed." Linus Torvalds |
> +==============================================+
>
> _______________________________________________
> evolution maillist  -  evolution helixcode com
> http://lists.helixcode.com/mailman/listinfo/evolution
-- 
Spruce: Save the trees! Don't use toilet paper!