create a boot-able disk from an iso file

Wed Jan 12 22:07:30 UTC 2011

On 12/01/11 18:34, Nils Kassube wrote:
> Joep L. Blom wrote:
>> On 12/01/11 10:00, Nils Kassube wrote:
>>> Joep L. Blom wrote:
>>>> On 11/01/11 23:42, Nils Kassube wrote:
>>>>> I think root access isn't necessary at all for doing serious
>>>>> damage. For a "normal user" like me, the most valuable data are
>>>>> stored in my home directory and malware running with my
>>>>> privileges can delete all those files. That would probably be
>>>>> the greatest damage that could be done to my system.
>>>>> Furthermore, as a normal user the malware can start applications
>>>>> e.g. to join a botnet and send spam mails. That would also be a
>>>>> major damage, this time for the network, not for my machine. And
>>>>> again root access isn't necessary.
>>>>
>>>> I tend to disagree. Malware has to enter. This of course can occur
>>>> via port 80. However, to run a program an execute command must be
>>>> given and the executable bit must be set. You can install as many
>>>> programs as you want but a program that is not installed by you
>>>> can not run as you and therefore cannot damage your home
>>>> directory.
>>>
>>> I tend to disagree as well. How does malware get into a Windows
>>> system? Usually there is a vulnerability of the browser or email
>>> client or whatever. The same is possible with Linux / Unix
>>> programs. Granted, clicking on an email attachment under Linux
>>> usually isn't as dangerous as it is under Windows because it isn't
>>> automatically executable.
>>
>> How? U agree java-beans and other java snippets have the possibility
>> to execute but in their own memory-segment but can contain malwar.
>
> I think you misunderstood what I wrote: An email attachment is not
> automatically executable with Linux.
>
>> Therefore it is good practice to block it (an add-on for Firefox)
>> and only allow it if you are sure it contains no malware.
>
> Granted, it may be good practice to lock down a system, but a) that can
> be done with Windows systems as well and b) that has nothing to do with
> the initial point I tried to make: You don't need root access to do
> major damage.
>
>> Again, block flash and only allow films you're reasonably sure they
>> are safe or use only Adobe for reading .PDF-files.
>
> No, reading PDF files with Adobe isn't safe either. The Adobe reader has
> been vulnerable on Linux / Unix more than once [1,2].
>
> Anyway, even though it may be quite interesting, I think we are getting
> more and more off topic here. Therefore I'll refrain from further
> comments. Feel free to contact me off-list if you want to continue this
> discussion.
>
>
> Nils
>
> [1]<http://www.h-online.com/security/news/item/Adobe-warns-of-zero-day-vulnerability-in-Reader-and-
> Acrobat-1075787.html>
> [2]<http://www.h-online.com/security/news/item/Adobe-hole-closed-hole-open-1131232.html>
>
Nils,
With respect to OT: I agree.
Joep