[OS X TeX] security issue?

Peter Dyballa Peter_Dyballa at Web.DE
Tue Aug 5 00:13:29 CEST 2008


Am 04.08.2008 um 04:16 schrieb Joseph C. Slater PE, PhD:

> I don't know his last name, suggested that uploads be limited to  
> graphics only for fear of a malicious user uploading trojan horses.  
> Only "trusted" users could upload zip, etc, files. Thoughts?


I don't see much sense in uploading executables – there exist links  
(URLs) in Internet. Malware would be detected by ClamXav (http:// 
www.markallan.co.uk/clamXav/) or its command line only version from  
Fink. I'm failing to understand how trojans (greeks in reality) could  
work in Mac OS X – isn't there Launch Service that dictates that only  
a particular application (or a few, sometimes) is right for that type  
of file? And ZIP (self-executable) and PDF (via JavaScript/ECMA  
Script) can be malicious too. When thinking of the Apple Security  
Updates from this year only: each filled once or twice a security  
hole in a graphics format or a graphics application.

An UFS volume as upload area might be useful.

--
Greetings

   Pete

There's no place like 127.0.0.1
			– origin unknown



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/macostex-archives/attachments/20080805/a8711377/attachment.html>


More information about the macostex-archives mailing list