Re: [Evolution] Is virus protection required?
- From: Tony Earnshaw <tonni billy demon nl>
- To: Jason Tackaberry <tack auc ca>
- Cc: Dave Finnegan <dave synchronicity com>, Evolution Mailing List <evolution ximian com>
- Subject: Re: [Evolution] Is virus protection required?
- Date: 14 Jan 2003 20:32:08 +0100
tir, 2003-01-14 kl. 18:21 skrev Jason Tackaberry:
It is, however, always a possibility to exploit buffer overflows in the
Evolution to execute arbitrary code as the user running it.
How would an rfc822/2822 mail message do this? What sort of an
attachment would do this? "Click on this Linux executable and you'll be
born to heaven."
Or is Evo running as a daemon on an external interface? Or any
interface? Or would it receive streaming audio/video?
But let's be realistic. Any client that accepts data off the net is
potentially vulnerable
Yes.
so you should be more no concerned about
Evolution than you would be by running Mozilla, or even xmms, as
described here:
http://online.securityfocus.com/archive/1/306476/2003-01-11/2003-01-17/0
The last has nothing to do with Evo.
(I'm not sure the above posting isn't a hoax, but in theory it's
possible. Extremely complicated, but possible.)
Course everything viable is possible.
Basically, if you're extremely nervous, build a kernel with a
non-executable user stack (openwall patch), and build Evolution,
Mozilla, etc. with Stackguard if you're extra paranoid. You could also
sandbox Evolution.
I can see it happening :-)
But honestly, nobody is that paranoid. Right? :)
I'm not sure the above posting isn't a hoax. Perhaps one of the Ximian
people could give us a run down on the whole thing.
Best,
Tony
--
Tony Earnshaw
Paranoid
e-post: tonni billy demon nl
www: http://www.billy.demon.nl
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
