Quote:
Originally Posted by chaley
Actually, I don't care if your machine gets penetrated. I do care that it joins the army of bots sending spam, running DDoS attacks, and generally making life unpleasant.
Without looking at the patch, I hope that the executables are 755 or better 555 to prevent drive-by infection.
In what way is an ext3 external hard drive/flashdrive partition with ebook files that can be written to by world, a security risk that will lead to my computer becoming part of a botnet?
In what way is this any more dangerous than saving the files to a vfat partition? The sum total of differences is that it will not be mounted noexec, thus aiding portability... because the alternative was saving to vfat.
I desire the files to be vulnerable to drive-by-infection... it requires physical access to the hardware, and the user who uses the drive is drive-by-infecting it with new ebooks and updated metadata -- because said user sure as hell isn't the original owner.
Likewise, the executables must be 777 to allow the user to update calibre.
How is it dangerous for the calibre executables to be editable by world, when to edit them, an attacker must have already pwned your system?
Or stolen the physical drive, which means your security has instantly become a joke.
What precisely is your recommendation for portableizing calibre in a "safer" manner? Keep in mind that data on removable drives is not very secure anyway. Keep in mind that by design, any user who plugs the flashdrive in must be able to use it.