From kmail-devel Fri Oct 25 17:15:17 2002
From: Karl-Heinz Zimmer
Date: Fri, 25 Oct 2002 17:15:17 +0000
To: kmail-devel
Subject: Re: Might it be possible to comment your LinuxSecurity article?
X-MARC-Message: https://marc.info/?l=kmail-devel&m=103556605127643

Hi Eric,

(I am cc'ing the KMail developers mailing list)

I thank you very much, adding my little statement to your page
was very kind of you!

Cheers
Karl-Heinz

On Friday 25 October 2002 18:53, Eric B. Lubow wrote:
> I understand your frustration completely.  I have fixed the article and
> reposted it with your email attached.  Please let me know if this is
> satisfactory.
>
> --
> Eric Lubow
> Guardian Digital Inc.
> http://www.guardiandigital.com/
>
> On Fri, 25 Oct 2002, Karl-Heinz Zimmer wrote:
> > Hi Eric, (I am cc'ing the KMail developers mailing list)
> >
> > on http://linuxsecurity.com/articles/vendors_products_article-6009.html
> > you published part of an article by Zac Jensen stating the following:
> >
> >    (...)
> >    In KMail, he decided to view the attachment, thinking it was
> >    simply an image. He clicks it, nothing happens, no viewer, no
> >    error, nothing but a few seconds of milling around, and then
> >    more nothing. Then, the wine notification pops up.
> >    (...)
> >
> >
> > As it turned out now, this description of what happened is a bit
> > inaccurate.
> >
> > Actually (and Zac stated that this is true) the user did the following:
> >
> >   * Click on the attachment
> >
> >   * See an explicit warning dialog (like the one attached to my mail)
> >
> >   * Click on [Open] - which is *not* the default button of that dialog.
> >
> > So the difference to the facts described in the text cited on your site
> > is this:
> >
> > 1. There was an extra _warning_ dialog telling the user explicitly
> >    that 'WINE' would be used with this attachment if he clicks on Open.
> >
> > 2. The user was explicitly told that doing so might compromise the
> >    system's security.
> >
> > I don't know if it is possible to add this statement to your
> > linuxsecurity.com page, but /if/ it is possible you would do
> > me a big favor:
> > I am an enthusiastic :-) KMail developer and I got quite frustrated
> > by reading this article since we added this warning dialog
> > _intentionally_ for the very reason to _prevent_ such virus execution.
> >
> > OTOH we are discussing this issue currently and considering several
> > measures to make it even MORE unlikely that a virus can do harm,
> > e.g. by restricting the things that executable attachments are
> > allowed to do when called by the user from within KMail...
> >
> > Best greetings from the river Mosel! (Germany)
> >
> > Karl-Heinz
> >
> > --
> > Karl-Heinz Zimmer, Senior Software Engineer, Klarälvdalens Datakonsult AB
> >
> > _________________________________________________________________________
> > "Why do we have to hide from the police, Daddy?"
> > "Because we use vi, son. They use emacs."     Dave Fischer, 1995/06/19

-- 
Karl-Heinz Zimmer, Senior Software Engineer, Klarälvdalens Datakonsult AB
_________________________________________________________________________
"Why do we have to hide from the police, Daddy?"
"Because we use vi, son. They use emacs."     Dave Fischer, 1995/06/19