Very clear, as always, and convincing enough for me. Thank you very much.
uli
William Gould, Stata wrote:
> Ulrich Kohler <[email protected]> asks,
>
> > [...] I wonder how far the "F" package directive introduces a security
> > problem. What happens if a malicious person puts a virus into
> > myexample.exe and let the user download this program with the "F"
> > directive? In this case myexample.ado could enclose a caller to
> > myexample.exe. Clearly this would be possible with the "f"-directive as
> > well, but in this case myexample.ado can not really know where
> > myexample.exe is stored.
>
> Ulrich is right to worry, but in this case I do not think there is much
> danger:
>
> 1. Ulrich is right that "F" could be used to deliver a virus.
>
> 2. The next problem the virus writer faces is getting the virus to be
> executed, so that it can do its damage. Where Stata stores files
> was carefully located *OUTSIDE* the executable path, so the infected
> executable could not be accidently invoked by the user.
>
> 3. In Stata, The act of downloading does *NOT* cause automatic
> execution. The names of the files downloaded are always listed and
> whether the newly downloaded materials are ever executed is left up
> to the user.
>
> 4. All users should engage in safe computing: download files only
> from trusted sites. www.stata.com is one, the Boston archive is another.
> So far, all Stata user sites have been safe, but even so, I only download
> from user sites if the user is active in the Stata community and therefore
> someone I "know". If I download from a site I know little about, I look at
> what was downloaded before executing it.
>
> 5. The hole opened by "F" is a delivery hole. There are, in fact,
> lots of ways I can get files delivered to your computer, either
> with Stata or without it. Were I a virus writer, I would find
> those other methods easier to use. Nothing beats email.
>
> 6. Actually, if one is sufficiently clever, one realizes that no new
> hole was opened by "F", either inside our outside of Stata. The point is,
> Stata's ability to download user-written programs is a delivery method, and
> *ANY* delivery method can be used to deliver a virus.
>
> 7. What makes viruses such a problem is that they spread. Stata's
> downloading capabilities are not automatic and therefore, while
> they could be used for initial delivery, they are next to useless
> for spreading the virus.
>
> It is true that, sitting here in my office, I can carefully concoct
> a virus to do damage to Ulrich. Having done that, I would then need to
> convince Ulrich (1) to take the positive actions necessary to download the
> virus and (2) to take the positive actions necessary to execute it. Even
> so, having done all that, I would only have infected Ulrich. The method
> used for original delivery would be of no use for subsequent spreading. So
> either (a) I have a virus that does not spread, and there's no fun in that,
> or (b) I use some other non-Stata method to spread the virus. If (b), then
> we have just established there is a better virus delivery method than
> Stata, so of course, I would start by using that.
>
> 8. Even ignoring all of the above, Stata records the source of
> every file downloaded, making it easier to trace the virus writers.
>
> -- Bill
> [email protected]
> *
> * For searches and help try:
> * http://www.stata.com/support/faqs/res/findit.html
> * http://www.stata.com/support/statalist/faq
> * http://www.ats.ucla.edu/stat/stata/
--
[email protected]
*
* For searches and help try:
* http://www.stata.com/support/faqs/res/findit.html
* http://www.stata.com/support/statalist/faq
* http://www.ats.ucla.edu/stat/stata/
