[PD] denial of service attack
András Murányi
muranyia at gmail.com
Sat Oct 17 02:57:30 CEST 2009
2009/10/17 Mathieu Bouchard <matju at artengine.ca>
> On Sat, 17 Oct 2009, András Murányi wrote:
>
> OK, you're all welcome to crash my pd but not to run hostile code on my
>> machine. Now, we now that the code posted my Claude can eat up our RAM but
>> can it write to an executable region or do other really nasty things? On the
>> other hand - does a fresh copy of Vanilla or extended offer simple ways to
>> run system commands? If yes, no odd stack overflow methods are needed to
>> hack a system.
>>
>
> Just [textfile] and [soundfiler] are enough to overwrite important files. A
> user's most important data is typically writable, and write-protected files
> are usually the files that are easy to reinstall from a DVD or whatever. And
> then writability is only one half of the problem when you can have your
> personal data uploaded to your enemies.
>
Or a worm/rootkit set up on your box.
> This also goes for any other code one runs on your system. Max by default
> isn't any safer than Pd by default, and then Perl/Python/Ruby/Tcl/Lua/Bash
> interpreters by default aren't any safer, and there isn't any point in
> banning any of those if your four-year-old daughter still can download
> random EXE files and run them. And so on.
Indeed. What's worse, i download scripts from unknown dudes and run them
root on a daily basis (most of them are makefiles ;o) Best way of protection
is not to make anyone angry, and reading Kevin Mitnick.
Andras
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20091017/8268ef4e/attachment.htm>
More information about the Pd-list
mailing list