|
|
Security ramifications of emailed pkgs - was: How it works
If it is a MacOS X bundle (i.e., a directory), that saves you from a simple e-mail virus that you merely have to receive (like those nasty VBScript Outlook ones): if you get it in email, it will be tarred and encoded - it is static data.
However, it does provide the possibility that opening an attachment can spawn a virus. This, however, is widely the situation on the net and has been for years - open arbitrary things, and you don't know what you'll get. To be responsible, the Mail client ought to somehow tag the attachment as "untrusted", but how you do that in a general way when the attachment is simply a tar file is something I'm unsure about. For example, you might tag the file somehow, but the user might still simply use the standard gnutar to unwrap it. I suppose if the user's doing that, then they're knowledgeable enough not to shoot their own foot, but ya never know..... You could at least hack Mail to check for the filename of the attachment. If it is .app or .rtfd, warn the user about executable code (or does Mail do this already?). For that matter, if an attachment's type is tar, then do a tar -t on it and warn of any files inside it that look like they might have executable code.
|
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.14 seconds |
|