Package pruning for FC4 and beyond

Alan Cox alan at redhat.com
Tue Mar 1 15:25:32 UTC 2005


On Tue, Mar 01, 2005 at 06:33:51AM -0800, Rahul Sundaram wrote:
> Alan, can you please clarify that statement. It's
> redundant obviously but why is it dangerous?

The various "automatically run" tools get dangerous because they provide paths
for exploits. There is the obvious binary approach (e.g. a Windows CD that
has autorun of format/u c: and is labelled PORN) but there are more subtle
tricks too - CDs with movies on them that exploit older video players, or
with HTML and images that exploited Linux/Windows image viewer holes.

It's a trust thing.

Alan