Re: Idea for gnome e-mail client



On Sat, 06 May 2000 11:12:22 Kent Schumacher wrote:
> 
> I ran across an interesting idea that might be worth considering for
> gnome e-mail clients.  The article link is below.  To summarize,
> the author proposes developing an API to scan e-mail content
> which can catagorize an e-mail threat potential.
> 
> I also had the thought that it might be nice to be able to view high
> threat e-mail in a chroot'ed e-mail client.
> 
> http://www.linuxplanet.com/linuxplanet/reports/1800/4/
> 
> Just thinking on a Saturday morning,
> kent
> 

We were talking about this on balsa-list... basically, since
we're on multiuser systems, unless you're running your mail client
as root, you can't do too much damage to your system. And honestly,
if you're running a mail client like Balsa as root, you deserve
whatever you get :-)

[ I might note that under Linux, at least, you must be root to
do a chroot() ]

Of course, you could still theoretically lose your home directory
and all your personal data. To prevent that isn't a big deal:

1) Don't execute anything automatically.
2) If you feel like you must execute something that came floating
 along in an email, give the user a big fat warning dialog. If the
 user is not smart enough to make sure that the script is safe,
 there's nothing we can do about that.
3) If you must implement some kind of scripting language, make sure
 that you can sandbox it.

-- 
==============================
Peter Williams peter@newton.cx
"AIIEEEEEEEEE!!! DEATH ANTS!!"




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]