<br><br><div class="gmail_quote">2009/10/17 Mathieu Bouchard <span dir="ltr"><<a href="mailto:matju@artengine.ca">matju@artengine.ca</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">On Sat, 17 Oct 2009, András Murányi wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
OK, you're all welcome to crash my pd but not to run hostile code on my machine. Now, we now that the code posted my Claude can eat up our RAM but can it write to an executable region or do other really nasty things? On the other hand - does a fresh copy of Vanilla or extended offer simple ways to run system commands? If yes, no odd stack overflow methods are needed to hack a system.<br>
</blockquote>
<br></div>
Just [textfile] and [soundfiler] are enough to overwrite important files. A user's most important data is typically writable, and write-protected files are usually the files that are easy to reinstall from a DVD or whatever. And then writability is only one half of the problem when you can have your personal data uploaded to your enemies.<br>
</blockquote><div><br>Or a worm/rootkit set up on your box.<br> <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
This also goes for any other code one runs on your system. Max by default isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash interpreters by default aren't any safer, and there isn't any point in banning any of those if your four-year-old daughter still can download random EXE files and run them. And so on.</blockquote>
</div><br>Indeed. What's worse, i download scripts from unknown dudes and run them root on a daily basis (most of them are makefiles ;o) Best way of protection is not to make anyone angry, and reading Kevin Mitnick.<br>
<br>Andras<br>