[Gllug] p2p programs

[Henry Gilbert]

> Do you mean `image libraries have a lot of security holes in them'?
> Agreed, but no more than other libraries fed untrusted data, many fewer
> than (e.g.) the kernel, and, er, this was a followup to an article in
> which you made the (IMHO ludicrous) claim that Linux boxes with no
> servers running (== no ports in LISTEN state?) were immune to attack, so
> you seem to be contradicting yourself.
>

yes. I do realize the flaw in the argument.
and I can't go back now.

> > But noone got into a Linux box (afaik) via this method
>
> I wish you were right :( there are exploits out there for Firefox which
> rely on holes in libpng, IIRC.
>

I would like to see such exploit in action on Linux.
Don't get me wrong I am sincerely curious at the same time to see a
Linux box compromised via the same ways Windows often are.


By the way lib"images" = libpng, libjpeg, libgif, imlib
I thought that would be intuitive or evident, I guess not.

> > Even an anomalous RTF file can compromise a Windows Box
> > via WordPad. That bug was fixed.
>
> MS are, how should we put it, not the fastest people out there at fixing
> bugs. Mind you Oracle are (much) worse.
>
> --

And yet some posters are saying
Windows XP and Linux Desktop are the same when it comes down to security
- tut tut
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug