Am 22.03.2013 03:39, schrieb Sam Varshavchik: > Reindl Harald writes: > >> Am 22.03.2013 00:56, schrieb Sam Varshavchik: >> > Even let's hypothetically say there's an exploit in Firefox that can be >> > used to inject executable code, through a >> > malicious web page, once running the code will have no way to overwrite >> > Firefox's binary executable, and implant >> > itself in Firefox, or any other operating system executable. As soon as >> > you log out or reboot, it's gone. The >> scope >> > of the damage is limited to wiping files in your home directory, and >> > that's about it >> >> this as a very naive point of view >> you do not need to change system-binaries >> >> it is enough to place you executeable in the userhome, start >> it with the desktop and let connect it to a remote-server to >> have a shell and break any privacy of the user >> >> how many users would recognize such intrusion? > > How many users will see some mysterious unknown executable on their desktop, > and automatically execute it?
are you really that naive? why do you think it needs to be on the desktop and manually started? ~/.config/autostart/your-damned-code.desktop > the damage is limited to wiping files in your home directory, > and that's about it and BTW - the system can be reinstalled easily, you work data are not on a public mirror or install ISO
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
