[OS X TeX] security issue?
Peter Dyballa
Peter_Dyballa at Web.DE
Tue Aug 5 00:13:29 CEST 2008
Am 04.08.2008 um 04:16 schrieb Joseph C. Slater PE, PhD:
> I don't know his last name, suggested that uploads be limited to
> graphics only for fear of a malicious user uploading trojan horses.
> Only "trusted" users could upload zip, etc, files. Thoughts?
I don't see much sense in uploading executables – there exist links
(URLs) in Internet. Malware would be detected by ClamXav (http://
www.markallan.co.uk/clamXav/) or its command line only version from
Fink. I'm failing to understand how trojans (greeks in reality) could
work in Mac OS X – isn't there Launch Service that dictates that only
a particular application (or a few, sometimes) is right for that type
of file? And ZIP (self-executable) and PDF (via JavaScript/ECMA
Script) can be malicious too. When thinking of the Apple Security
Updates from this year only: each filled once or twice a security
hole in a graphics format or a graphics application.
An UFS volume as upload area might be useful.
--
Greetings
Pete
There's no place like 127.0.0.1
– origin unknown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tug.org/pipermail/macostex-archives/attachments/20080805/a8711377/attachment.html>
More information about the macostex-archives
mailing list