E-mail altered in Ubuntu

[Searching_ _ _]

Quote:

Originally Posted by lotuseclat79

Since the pdf file is an email attachment, Save it to your Desktop (right-click, and select Save As). Then double-click on the pdf file on your Desktop to launch the PDF Reader evince!

Isn't this potentially dangerous if the attatchment is malicious?

Quote:

The premise of this type of 'virus' is simple: Get a user to run an executable attachment you sent them via email.

Firstly, most email clients for Linux will not execute attachments. They might try to open them if they know the extension as an indication for a document or media type (.pdf or other documents for example). But that's about it.

Something that always gets executed when clicked on. And here then is one more step that needs to be taken by the user, which might reduce the success rate of this attack vector a little. The user has to first save the attachment and then double click on it. Because while the email client typically cannot run an executable file, the desktop environment very well can as we will see.

creating a Linux Virus

[Sputnik]

Quote:

Originally Posted by Shankle

I am running Ubuntu 8.10. I searched for evince and it is there. "xpdf" is also there.

I would suggest you uninstall/remove "xpdf" and stick with the default Evince. You might also try using Evolution for your e-mail needs under Ubuntu. In my opinion Thunderbird is a buggy piece (Linux version suffers more errors then the Windows version actually). Evolution however is nice (KMail is recommended by me for KDE users).

[Shankle]

Thanks for replying.
I will remove xpdf.

The reason I don't use Evolution is that they haven't fixed a problem that needs fixing
now for the past 6 months. The problem is that items in the trash CAN'T be deleted.
This is unacceptable. To the best of my knowledge I am not using KDE. I using the other one.

[chronomatic]

Quote:

Originally Posted by Searching_ _ _

Isn't this potentially dangerous if the attatchment is malicious?

Not really.

You are referring (based on your link) to a well known "vulnerability" which allows .desktop "launcher" files to be executed without the x bit being set. This means a kiddie could hide some malicious code inside a .desktop file but change its extension to anything (like .pdf or even .mp3). As a result, the user sees his potential .pdf and he clicks it and it executes some shell script that tampers with the /home directory. What this attack essentially does is bypass one step of getting a script to run (it negates the need for the "chmod a+x" command).

Remember UNIX doesn't recognize file extensions -- that's a Windows thing -- so one can change the extension at will. Extensions in UNIX are only there for humans to see what a file probably is, not what it really is. Normally this is not a problem because even if the file is malicious it won't have executable privileges. And even if one gives it executable privileges, it will only run with the group and user permissions allowed in the DAC.

The problem with this attack, as even the author of the article admits, is that the malware would only compromise the /home directory and would not give the malware access to anything important. So, basically, it comes down to this question: What good is the attack? This is the question I am sure the KDE and Gnome developers have asked themselves, and is likely the reason they have intentionally *not* fixed this "vulnerability." About the only thing the malware could do is resend itself to other people listed in the e-mail client address book. But what good would that be? It would essentially be an "annoyance" type of malware.

About the only thing I can think of that it could be used for is to send spam or to delete files (pictures, mp3's, documents) in the /home directory. Sure, it's not fun having files deleted, but it would be trivial to find and exterminate the malware responsible (it would be a file in the /home directory in plain site) and the Linux hackers would quickly discover what is going on and would have it nipped by sunrise.

[Sputnik]

Quote:

Originally Posted by Shankle

The reason I don't use Evolution is that they haven't fixed a problem that needs fixing
now for the past 6 months. The problem is that items in the trash CAN'T be deleted.
This is unacceptable. To the best of my knowledge I am not using KDE. I using the other one.

You're using GNOME that's right. This problem with the trash seems to be Ubuntu specific to me. Some users report that by removing the "folders.db" file from "./evolution/mail/local" fixes the problem. Make sure you have Evolution closed while removing this file.