| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 39539 | 2003-11-09 23:58:00 | Windows is not the only OS, which could get a security flaw | stu140103 (137) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 190513 | 2003-11-11 03:42:00 | > Just means that if Gaim was running under it's own account it could only access the files it needs to run and everything else is off limits... Such as the log files. There can be A LOT of information in those ;-) |
-=JM=- (16) | ||
| 190514 | 2003-11-11 03:48:00 | > Just means that if Gaim was running under it's own account it could only access the files it needs to run and everything else is off limits... Such as the log files. There can be A LOT of information in those ;-) |
-=JM=- (16) | ||
| 190515 | 2003-11-11 03:55:00 | Not as easy as that, Susan . But it would also be very easily detected . Those who write the code might not do it for money, but they do it for recognition . That recognition is not just the respect of the community --- it often pays off in that they get very good job offers . There's enough hard work involved in getting OS code right that anyone who got their fun by sabotage wouldn't last long enough to get malicious code into the system . I think it was Dennis Ritchie who owned up to having put a backdoor in the C compiler in the very early days . That was very cleverly done . . . and it was so subtle that it was pretty well undetectable . But --- he was the programming community involved . If there had been dozens of people involved, he couldn't have done it . |
Graham L (2) | ||
| 190516 | 2003-11-11 04:57:00 | Susan> Ive written a "Virus" for linux... This is pretty much all the damage that can be done in ANY linux system: rm -rf ~/ You know what? Good backups means that this doesnt really matter either, coz I'll be able to restore a backup, say from CD, and in 5 minutes be back up and running! The great thing about opensource is that if some numbnuts trys anything like that, Its not terribly hard for Joe Bloggs down the road to remove that part of the code and start his own branch of SoftwareXYZ :-) |
Chilling_Silently (228) | ||
| 190517 | 2003-11-11 07:20:00 | > The other side of the arguement was that not everyone looks at source code - they just want a program that works and who cares how it runs. And with the number of OpenSource applications I'd be surprised if someone hadn't tried it as it's practically impossible to monitor all the projects. Exactly. Also practically everyone downloads the rpms or whatever that are easier to install. Now what if the author decided to include some small, malicious code just in the rpm file - but leaves the source code available without the flaw, so no-one would suspect anything. Now it could be said that whoever is trusted with the final job of compiling the source code, could insert anything they liked into it just before compiling and then distributing it. |
PoWa (203) | ||
| 190518 | 2003-11-11 07:26:00 | Thats true, but again, it would be very bad (recognition wise) for the person involved. If you don't trust third party rpm's, then don't use them. The thing that seems to be overlooked is that this situation is no better on windows. |
segfault (655) | ||
| 190519 | 2003-11-11 08:20:00 | Can we stop with the getting paranoid about Linux source code thing? You're starting to worry me... at least before I was only concerned about the dangers in Windows, but now you've shed a whole new light on something... just starting to make me concerned about what I download to try on Linux. Bless Linux' lack of support for my modem, or else I'd be really paranoid by now :D |
agent (30) | ||
| 190520 | 2003-11-11 09:36:00 | > Can we stop with the getting paranoid about Linux source code thing? OK, how about the compiler (cm.bell-labs.com) instead? :D |
bmason (508) | ||
| 190521 | 2003-11-11 11:17:00 | You have not made the true move yet. | mikebartnz (21) | ||
| 190522 | 2003-11-11 11:21:00 | Bah | mikebartnz (21) | ||
| 1 2 3 4 5 6 7 | |||||