:: Re: [DNG] [devuan-dev] [PATCH] (sec…
Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: tom
Ημερομηνία:  
Προς: dng
Υ/ο: Evilham
Αντικείμενο: Re: [DNG] [devuan-dev] [PATCH] (security) launcher: don't attempt to execute arbitrary binaries
On Mon, 13 Jan 2020 10:27:40 +0100
Evilham via Dng <dng@???> wrote:

> Hello Enrico,
>
> On dt., gen. 07 2020, Enrico Weigelt wrote:
>
> > What might supposed to be convenience functionality, poses a
> > real-life
> > security threat:
> >
> > A user can be tricked be tricked to download malicious code,
> > unpack it with
> > +x permissions (eg. via tar) and execute it by just clicking on
> > the icton.
> > In combination with other techniques (eg. homoglyphs), even more
> > experienced
> > users can be tricked "open" some supposedly harmless file type,
> > while Thunar
> > in fact executes a binary - with full user's privileges. (the
> > same approach
> > is one of the primary infection vectors used by thousands of
> > malwares in
> > Windows world, which already caused gigantic damages).
> >
> > Therefore introduce a new setting and only execute programs if
> > explicitly
> > enabled.
>
>
> That's great!
>
> Have you tried poking Thunar's developers into merging such a
> feature?
> This is where the developers would like such things:
> https://docs.xfce.org/xfce/thunar/bugs
>
> It'd really be the best place for a setting like this to land and
> benefit all Thunar users out there (which are not limited to
> Debian-like or even Linux, but also include the BSDs).
>
> Cheers!
> --
> Evilham
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


If the user is stupid enough to run random binaries from the internet
no amount of nannyware is going to protect them. All this does is add
another layer of inconvenience and complexity literal computers users
have to work around.

If you have to deal with users like that then set their home
directory's mount with option noexec.

--
_________________________________________
/ There is no character, howsoever good \
| and fine, but it can be destroyed by    |
| ridicule, howsoever poor and witless.   |
| Observe the ass, for instance: his      |
| character is about perfect, he is the   |
| choicest spirit among all the humbler   |
| animals, yet see what ridicule has      |
| brought him to. Instead of feeling      |
| complimented when we are called an ass, |
| we are left in doubt.                   |
|                                         |
| -- Mark Twain, "Pudd'nhead Wilson's     |

\ Calendar"                               /
 ----------------------------------------- 
\
 \
   /\   /\   
  //\\_//\\     ____
  \_     _/    /   /
   / * * \    /^^^]
   \_\O/_/    [   ]
    /   \_    [   /
    \     \_  /  /
     [ [ /  \/ _/
    _[ [ \  /_/