[1295] in bugtraq
Re: MIME question...
daemon@ATHENA.MIT.EDU (Doug Hughes)
Fri Mar 17 18:29:24 1995
Date: Fri, 17 Mar 1995 14:34:57 -0600 (CST)
From: Doug Hughes <doug@Eng.Auburn.EDU>
To: robert owen thomas <rthomas@pamd.cig.mot.com>
Cc: bugtraq@fc.net
In-Reply-To: <9503171139.ZM12439@pamd.cig.mot.com>
On Fri, 17 Mar 1995, robert owen thomas wrote:
> has anyone on this list heard of an "auto-execute MIME extension"? is
> this an issue? the question arose when i doubted the likelihood of
> a "virus" being launched via reading an e-mail message.
>
> your thoughts?
> --
>
> o robert owen thomas: Unix consultant. MAILER-DAEMON. user scratching post. o
> o e-mail: rthomas@pamd.cig.mot.com --or-- robt@cymru.com o
> o vox: 708.632.5768 fax: 708.632.5694 o
> o -- System Administrator's Dictionary -- o
> o user (you'zer) n. 1 A waste of system resources; an unwanted load o
> o on the processor(s) of a Unix system. 2 Someone who uses Caps Lock. o
>
Sure, you should be careful with MIME. It's very powerful, but with
this power comes vulnerability.. Particularly:
Postscript - don't have a postscript auto-launcher unless it goes directly
to a printer
Tcl - safetcl is purported to be okay for MIME.
Perl - such a powerful language, wouldn't want it as part of MIME auto-reader
though.
in general anything that launches a viewer that is part of a programming
or scripting environment can be extremely dangerous because of file
operations.
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug@eng.auburn.edu
"Real programmers use cat > file.as"
