[vox-tech] Linux's Vulnerability to E-mail Viruses

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Thu, 25 Apr 2002 01:21:21 -0400


On Wed, Apr 24, 2002 at 10:00:56PM -0700, Micah Cowan wrote:
> On Wed, 2002-04-24 at 21:21, Richard S. Crawford wrote:
> > I'm operating under the assumption that while viruses for Linux that
> > spread like Windows viruses are very rare, there are still some out
> > there.
> > 
> > So, given that, what level of vigilance is necessary against incoming
> > viruses in a Linux system?
> 
> ...Linux has no problems of this sort, for the simple reason that nobody
> has been stupid enough to write mail clients which are capable of
> automatically running executables.

  I'm not sure I agree about open-software developers 'not being stupid
enough to automatically run executables'... from the angle of most 
open-software programs have a few buffer overrun bugs and depending
on exactly how the overrun is arranged many of these are as good as
"execute the following machine instructions for me please", when in the
hands of someone intimately familiar with the target environment.


  There have been a number of bugs in mail handling components which 
translate to automatic stack overflows in the the system.  Bugs in
fetchmail, procmail, and mutt all come to mind.  Although I don't think
any proof of concept demos where created.

  There are also some very user friendly email clients which, may not
ship with the option on but, can be asked to automatically open
files of certain mime-types with a specific program.  If the processing
program (like xpdf, mozilla, etc) has *ANY* stack overflow from input
file style bugs this would also provide an automatic method into
the machine for users of those clients.

  Until all programming switches to a languages or environments which
remove overrun possibilities there will always be a risk.

   Later,
     Mike

(java is *not* the solution... but perl might be ;)