[PD] denial of service attack
Mathieu Bouchard
matju at artengine.ca
Sat Oct 17 02:37:57 CEST 2009
On Sat, 17 Oct 2009, András Murányi wrote:
> OK, you're all welcome to crash my pd but not to run hostile code on my
> machine. Now, we now that the code posted my Claude can eat up our RAM
> but can it write to an executable region or do other really nasty
> things? On the other hand - does a fresh copy of Vanilla or extended
> offer simple ways to run system commands? If yes, no odd stack overflow
> methods are needed to hack a system.
Just [textfile] and [soundfiler] are enough to overwrite important files.
A user's most important data is typically writable, and write-protected
files are usually the files that are easy to reinstall from a DVD or
whatever. And then writability is only one half of the problem when you
can have your personal data uploaded to your enemies.
This also goes for any other code one runs on your system. Max by default
isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash
interpreters by default aren't any safer, and there isn't any point in
banning any of those if your four-year-old daughter still can download
random EXE files and run them. And so on.
_ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard, Montréal, Québec. téléphone: +1.514.383.3801
More information about the Pd-list
mailing list