> So what exactly are you worried about? A program uploading
> sensitive data to a random server? Well the easiest way for a program
> to do that is to invoke sendmail to e-mail the information to the
> server. In which case the program never attempts to open a port, your
> m-t-a does. Your m-t-a opening a port is the most normal thing in the
> world. Or if for some reason you don't have your m-t-a properly
> configured, it could invoke ssh or lynx or ...

You're right; there are as many opportunities for paranoia WRT what on my system could "phone home" in which manner. I think for Linux to be secured against that sort of thing, there would have to be a kernel hook that logged PIDs of processes that got spawned, and then watched to see if that PID attempted an outgoing access of some sort. (I'm not volunteering to write *that*...). I've similarly wondered if the Gatesware equivalents (the "personal firewalls") are capable of detecting outgoing accesses by things that aren't invoked by the user... probably not, and the corresponding vulnerability is probably there for Windoze systems as well, as I mentioned earlier...

The thing is, that sort of malicious code could be embedded in anything you install. The only thing protecting you is the traceability of the code and concomitant liability of the perpetrator to prosecution. Otherwise half the frustrated geeks in the world would be embedding their little "projects" in their employer's products. I don't know about you, but that sort of "protection" doesn't make me feel "secure" in general - I want some sort of process monitoring that can detect outgoing communication attempts.

The fact that it hasn't happened yet, doesn't reduce my paranoia one bit. Moreover, the attitude of Linux people that they're somehow immune because of the limited distribution of Linux compared to the Gatesware installed base, is just whistling in the dark, cum laude. From the responses I get in general, the general attitude seems to be to shrug it off because no one can do anything about it.

Again, you're right, though, that I'm too narrowly focused WRT the real issue. Maybe this discussion really belongs on a linux security list...

Thanks for your input
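
An added sketch of the PID-tracking idea discussed in this message (not part of the original post and not any existing tool's code): it correlates process-spawn and connect events and attributes each outgoing access to the program the user actually started. The event format, field names, `SHELLS`, the `approved` set and all sample events are constructed assumptions. Because a mail daemon's own connection looks normal, as the quoted text points out, the sketch also treats the spawning of `sendmail`, `ssh` or `lynx` by an unapproved program as a finding.

```python
import os

RELAYS = {"sendmail", "ssh", "lynx"}   # helper programs named in the quoted message
SHELLS = {"bash", "sh"}                # assumption: a shell parent means "user invoked"

# Constructed sample events; a real source would be a kernel audit or tracing hook.
EVENTS = [
    {"type": "exec", "pid": 100, "ppid": 1, "exe": "/bin/bash"},
    {"type": "exec", "pid": 60, "ppid": 1, "exe": "/usr/sbin/sendmail"},   # MTA daemon
    {"type": "exec", "pid": 200, "ppid": 100, "exe": "/usr/bin/ssh"},      # typed by user
    {"type": "connect", "pid": 200, "dst": "192.0.2.10:22"},
    {"type": "exec", "pid": 210, "ppid": 100, "exe": "/opt/newtool/bin/newtool"},
    {"type": "exec", "pid": 211, "ppid": 210, "exe": "/usr/bin/ssh"},      # spawned by newtool
    {"type": "connect", "pid": 211, "dst": "203.0.113.7:22"},
    {"type": "exec", "pid": 212, "ppid": 210, "exe": "/usr/sbin/sendmail"},
    {"type": "connect", "pid": 60, "dst": "198.51.100.25:25"},   # daemon delivers the mail
    {"type": "connect", "pid": 999, "dst": "203.0.113.9:80"},    # PID never seen spawning
]

def name(proc):
    return os.path.basename(proc["exe"])

def originator(pid, procs):
    """Climb the parent chain; stop at the process started by a shell or untracked parent."""
    seen = set()
    while pid in procs and pid not in seen:   # 'seen' guards against PID-reuse loops
        seen.add(pid)
        ppid = procs[pid]["ppid"]
        if ppid not in procs or name(procs[ppid]) in SHELLS:
            break
        pid = ppid
    return pid

def findings(events, approved):
    """Return (kind, target, originator) for outgoing access not traced to an approved program."""
    procs, out = {}, []
    for ev in events:
        if ev["type"] == "exec":
            procs[ev["pid"]] = ev
            if name(ev) not in RELAYS:
                continue                      # plain spawns are recorded, not reported
            kind, target = "relay-exec", ev["exe"]
        else:
            kind, target = "connect", ev["dst"]
        top = procs.get(originator(ev["pid"], procs))
        who = name(top) if top else "unknown"
        if who not in approved:
            out.append((kind, target, who))
    return out
```

Calling `findings(EVENTS, {"ssh", "lynx", "sendmail"})` leaves the daemon's port-25 connection unflagged, which is the blind spot the quoted text describes; the hand-off to `sendmail` by `newtool` is what gets reported.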