Stephen Samuel
19/12/02, 23:36
It's not always obvious that an archive shouldn't be trusted --
for example, the break-ins at the BSD and Sendmail sites.
Trusting directory traversal strings (absolute paths and ../) should
require an explicit request on the part of the user. Just because a
user 'should' be wary of a trojan archive doesn't mean that they
always will be.
Andrew Kopp wrote:
.....
> And to those who extract an un-trusted archive and set the "don't prompt
> me" flag, you really need a lesson in 'basic' (very obvious too!)
> security practices.
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication, reaching through fear, uncertainty and
doubt to touch the jewel within each person and bring it to life.
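
The default-deny behaviour argued for in the message above, as an added example (not part of the original post and not any archiver's own code). The function names, the `trust_paths` opt-in and the sample archive are all hypothetical and constructed for illustration; only member names are checked, since that is what the post discusses.

```python
import io
import tarfile

def traversal_reason(name):
    """Return why a member name leaves the extraction root, or None if it stays inside."""
    name = name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return "absolute path"
    depth = 0
    for part in name.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the directory we were asked to extract into
                return "'..' climbs above the extraction root"
        else:
            depth += 1
    return None

def plan_extraction(archive_bytes, trust_paths=False):
    """Split members into (extract, refused). Refusing is the default;
    honouring traversal strings needs the explicit trust_paths=True request."""
    extract, refused = [], []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for member in tar.getmembers():
            reason = traversal_reason(member.name)
            if reason and not trust_paths:
                refused.append((member.name, reason))
            else:
                extract.append(member.name)
    return extract, refused

def build_sample_archive():
    """Constructed sample: one ordinary member and three whose names leave the root."""
    names = ("docs/readme.txt", "../outside.txt", "/tmp/abs.txt", "docs/../../escape.txt")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name)  # addfile() stores the name exactly as given
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    extract, refused = plan_extraction(build_sample_archive())
    print("extract:", extract)
    for name, reason in refused:
        print("refused:", name, "-", reason)
```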