From: Curt on 13 Jun 2010 17:13

On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote:
>>
> use the 64 bit nonfree and to hell with potential security wotsits.

Pretty scary wotsits.

> Only one I got working ...

I'm with ya there.

From: The Natural Philosopher on 13 Jun 2010 17:42

Curt wrote:
> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote:
>> use the 64 bit nonfree and to hell with potential security wotsits.
>
> Pretty scary wotsits.
>

really? got a link to something describing them?

>> Only one I got working ...
>
> I'm with ya there.

Hmm. Not sure there isn't an update to 10.1. Reinstalling the debian package from backports as I speak.. nope. still 10.0.45 MM. I see what you mean they have shut down the 64 bit development tree until the bugs are fixed.

Oh well. Since there are only a handful of us poor users on 64 bit flash anyway, is it really a target for exploits?

From: General Schvantzkoph on 13 Jun 2010 18:31

On Sun, 13 Jun 2010 21:13:27 +0000, Curt wrote:
> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote:
>>>
>> use the 64 bit nonfree and to hell with potential security wotsits.
>
> Pretty scary wotsits.
>
>> Only one I got working ...
>
> I'm with ya there.

How scary is it really? What can these exploits do on a Linux system?

From: The Natural Philosopher on 13 Jun 2010 18:47

General Schvantzkoph wrote:
> On Sun, 13 Jun 2010 21:13:27 +0000, Curt wrote:
>
>> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote:
>>> use the 64 bit nonfree and to hell with potential security wotsits.
>> Pretty scary wotsits.
>>
>>> Only one I got working ...
>> I'm with ya there.
>
> How scary is it really? What can these exploits do on a Linux system?

I suspect in general access anything you as a user running the browser, have privileges to access.

I only took a cursory glance, but it looks like the standard 'in principle, a hacker could create a flash file that executed arbitrary code'

Now if you are not running as root, that probably wouldn't compromise the operating system, but it might rip through your address books etc.

From: Robert Heller on 13 Jun 2010 19:55

At Sun, 13 Jun 2010 23:47:03 +0100 The Natural Philosopher <tnp(a)invalid.invalid> wrote:

>
> General Schvantzkoph wrote:
> > On Sun, 13 Jun 2010 21:13:27 +0000, Curt wrote:
> >
> >> On 2010-06-13, The Natural Philosopher <tnp(a)invalid.invalid> wrote:
> >>> use the 64 bit nonfree and to hell with potential security wotsits.
> >> Pretty scary wotsits.
> >>
> >>> Only one I got working ...
> >> I'm with ya there.
> >
> > How scary is it really? What can these exploits do on a Linux system?
>
> I suspect in general access anything you as a user running the browser,
> have privileges to access.
>
> I only took a cursory glance, but it looks like the standard 'in
> principle, a hacker could create a flash file that executed arbitrary code'
>
> Now if you are not running as root, that probably wouldn't compromise
> the operating system, but it might rip through your address books etc.

The thing with Linux is that 'your address books etc.' is not one thing that 90% of Linux users all use. In the Mess-Windows world you have like 90% (or some such large percentage) of MS-Windows users using Outlook [Express], so a hacker just needs to write code to hack into OE address book, and this will work on a large percentage of mess-windows boxen. Under Linux, the hacker has to write code that can hack, Thunderbird, Evolution, Pine, Elm, etc. Then it has to figure out where things are stored (since different distros might/could build each of the above with different defaults or even ship different versions). From a hacker POV, it is a real complexity mess. Note: This is not a proper end-user problem, since end users pick a (single) tool on a (single) distro and care not how another tool might store stuff on another distro. (Yes, some people play with different distros and different tools, but such people are not typical end-users.)

The important bit of advice: don't store things like credit card numbers or on-line banking (and other 'sensitive') passwords in clear text files, that the 'arbitrary code' could get to.

--
Robert Heller             -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software        -- Linux Installation and Administration
http://www.deepsoft.com/  -- Web Hosting, with CGI and Database
heller(a)deepsoft.com       -- Contract Programming: C/C++, Tcl/Tk
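
One way to act on the advice in the last post, as an added example that is not part of the original thread: a Python audit that walks a directory tree as the current user and reports text files holding Luhn-valid card numbers in the clear. The function names, the 1 MB read limit and the sample file in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# 13-19 digits, optionally split by single spaces or hyphens (card-number shape)
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scan_file(path, max_bytes=1_000_000):
    """Return [(line_no, masked_number)] for Luhn-valid numbers in a text file."""
    if not os.path.isfile(path):   # skip FIFOs, sockets and dangling symlinks
        return []
    try:
        with open(path, "rb") as fh:
            data = fh.read(max_bytes)
    except OSError:                # not readable by this user, so not exposed to code run as this user
        return []
    if b"\0" in data:              # treat files containing NUL bytes as binary
        return []
    hits = []
    for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):    # report only the last four digits
                hits.append((no, "*" * (len(digits) - 4) + digits[-4:]))
    return hits

def scan_tree(root):
    """Walk root and map relative path -> hits for every file with a finding."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def demo():
    """Constructed sample: one valid test number, one that fails Luhn."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as fh:
            fh.write("shopping list\nvisa 4111 1111 1111 1111\nref 4111111111111112\n")
        return scan_tree(root)
```

Calling `scan_tree(os.path.expanduser("~"))` runs the same check over a real home directory; Luhn-valid matches can still be false positives (order numbers, long IDs), so each hit needs a look.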