[prev in list] [next in list] [prev in thread] [next in thread]
List: kmail-devel
Subject: Re: Might it be possible to comment your LinuxSecurity article?
From: Karl-Heinz Zimmer <khz () kde ! org>
Date: 2002-10-25 17:15:17
[Download RAW message or body]
Hi Eric, (I am cc'ing the KMail developers mailing list)
I thank you very much, adding my little
statement to you page was very kind of you!
Cheers
Karl-Heinz
On Friday 25 October 2002 18:53, Eric B. Lubow wrote:
> I understand your frustration completely. I have fixed the article and
> reposted it with your email attached. Please let me know if this is
> satisfactory.
>
> --
> Eric Lubow
> Guardian Digital Inc.
> http://www.guardiandigital.com/
>
> On Fri, 25 Oct 2002, Karl-Heinz Zimmer wrote:
> > Hi Eric, (I am cc'ing the KMail developers mailing list)
> >
> > on http://linuxsecurity.com/articles/vendors_products_article-6009.html
> > you published part of an article by Zac Jensen stating the following:
> >
> > (...)
> > In KMail, he decided to view the attachment, thinking it was
> > simply an image. He clicks it, nothing happens, no viewer, no
> > error, nothing but a few seconds of milling around, and then
> > more nothing. Then, the wine notification pops up.
> > (...)
> >
> >
> > As it turned out now, this description of what happened is a bit
> > inaccurate.
> >
> > Actually (and Zac stated that this is true) the user did the following:
> >
> > * Click on the attachment
> >
> > * See an explicit warning dialog (like the one attached to my mail)
> >
> > * Click on [Open] - which is *not* the default button of that dialog.
> >
> > So the difference to the facts described in the text cited on your site
> > is this:
> >
> > 1. There was an extra _warning_ dialog telling the user explicitely
> > that 'WINE' would be used with this attachment if he clicks on Open.
> >
> > 2. The user was explicitely told that doing so might compromise the
> > system's security.
> >
> > I don't know if it is possible to add this statement to your
> > linuxsecurity.com page, but /if/ it is possible you would do
> > me a big favor:
> > I am an enthusiastic :-) KMail developer and I got quite frustrated
> > by reading this article since we added this warning dialog
> > _intentionally_ for the very reason to _prevent_ such virus execution.
> >
> > OTOH we are discussing this issue currently and considering several
> > measures to make it even MORE unlikely that a virus can do harm,
> > e.g. by restricting the things that executable attachments are
> > allowed to do when called by the user from within KMail...
> >
> > Best greetings from the river Mosel! (germany)
> >
> > Karl-Heinz
> >
> > --
> > Karl-Heinz Zimmer, Senior Software Engineer, Klarälvdalens Datakonsult
> > AB <mailto:khz@klaralvdalens-datakonsult.se>
> > <mailto:khz@kde.org>
> > ________________________________________________________________________
> >_ "Why do we have to hide from the police, Daddy?"
> > "Because we use vi, son. They use emacs." Dave Fischer,
> > 1995/06/19
--
Karl-Heinz Zimmer, Senior Software Engineer, Klarälvdalens Datakonsult AB
<mailto:khz@klaralvdalens-datakonsult.se> <mailto:khz@kde.org>
_________________________________________________________________________
"Why do we have to hide from the police, Daddy?"
"Because we use vi, son. They use emacs." Dave Fischer, 1995/06/19
[Attachment #3 (application/pgp-signature)]
_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic