____/ BearItAll on Tuesday 20 November 2007 12:00 : \____
> Peter Köhlmann wrote:
>
>>
>> http://www.heise-security.co.uk/news/99257
>>
>> Again one can see that Apple "quality" is about the same as "MS quality"
>>
>
> I didn't know Apple Macs were susceptible to that sort of attack, I still
> tend to think of Apples as being UNIX-like, at least in security.
>
> Wouldn't you think that by now MS and Apple, if they are going to insist on
> executing straight from emails, would have wrapped these in a little
> application cage, or at the very least keep them inside the Java VM?
>
> Am I getting cynical as I get older, but I can't help feeling that a patch
> for this specific one mentioned will simply try to examine the file further
> to decide if it is a picture or not.
>
> Caging wouldn't be difficult, there is only so much executing that makes
> sense directly from an email, such as the caged launch of a picture or file
> viewer, it could even allow for editors inside the cage to edit and return
> email contents.
What type of person would send a program to someone by E-mail anyway? Other
than that idiocy of wrapping PowerPoint files in a self-contained executable?
There's rarely a reason to allow scripting and execution of files in a mail
client, esp. whilst 98% of all E-mail is spewed by Windows zombies.
> I wonder if Apple still has enough UNIX in it to allow for multiple
> directory caged root levels, I should imagine that in many cases a
> structure that only exists temporarily in ram would do the job.
--
~~ Best of wishes
Roy S. Schestowitz | "Have you compiled your kernel today?"
http://Schestowitz.com | RHAT GNU/Linux | PGP-Key: 0x74572E8E
run-level 2 2007-10-30 19:49 last=
http://iuron.com - help build a non-profit search engine