Stata The Stata listserver
[Date Prev][Date Next][Thread Prev][Thread Next][Date index][Thread index]

Re: st: Security. Was: Clickable examples in ado help files

From (William Gould, Stata)
Subject   Re: st: Security. Was: Clickable examples in ado help files
Date   Fri, 19 Sep 2003 08:35:42 -0500

Ulrich Kohler <> asks, 

> [...] I wonder how far the "F" package directive introduces a security
> problem. What happens if a malicious person puts a virus into myexample.exe
> and let the user download this program with the "F" directive?  In this case
> myexample.ado could enclose a caller to myexample.exe. Clearly this would be
> possible with the "f"-directive as well, but in this case myexample.ado can
> not really know where myexample.exe is stored.

Ulrich is right to worry, but in this case I do not think there is much danger:

    1.  Ulrich is right that "F" could be used to deliver a virus.

    2.  The next problem the virus writer faces is getting the virus to be 
        executed, so that it can do its damage.  Where Stata stores files was
        carefully located *OUTSIDE* the executable path, so the infected
        executable could not be accidently invoked by the user.

    3.  In Stata, The act of downloading does *NOT* cause automatic 
        execution. The names of the files downloaded are always listed and
        whether the newly downloaded materials are ever executed is left up to
        the user.

    4.  All users should engage in safe computing:  download files only from
        trusted sites. is one, the Boston archive is another.
        So far, all Stata user sites have been safe, but even so, I only
        download from user sites if the user is active in the Stata community
        and therefore someone I "know".  If I download from a site I know
        little about, I look at what was downloaded before executing it.

    5.  The hole opened by "F" is a delivery hole.  There are, in fact, 
        lots of ways I can get files delivered to your computer, either
        with Stata or without it.  Were I a virus writer, I would find those
        other methods easier to use.  Nothing beats email.

    6.  Actually, if one is sufficiently clever, one realizes that no new hole
        was opened by "F", either inside our outside of Stata.  The point is,
        Stata's ability to download user-written programs is a delivery
        method, and *ANY* delivery method can be used to deliver a virus.

    7.  What makes viruses such a problem is that they spread.  Stata's 
        downloading capabilities are not automatic and therefore, while 
        they could be used for initial delivery, they are next to useless 
        for spreading the virus.

        It is true that, sitting here in my office, I can carefully concoct a
        virus to do damage to Ulrich.  Having done that, I would then need 
        to convince Ulrich (1) to take the positive actions necessary to
        download the virus and (2) to take the positive actions necessary to
        execute it.  Even so, having done all that, I would only have infected
        Ulrich.  The method used for original delivery would be of no use for
        subsequent spreading.  So either (a) I have a virus that does not
        spread, and there's no fun in that, or (b) I use some other non-Stata
        method to spread the virus.  If (b), then we have just established
        there is a better virus delivery method than Stata, so of course,
        I would start by using that.

    8.  Even ignoring all of the above, Stata records the source of 
        every file downloaded, making it easier to trace the virus writers.

-- Bill
*   For searches and help try:

© Copyright 1996–2021 StataCorp LLC   |   Terms of use   |   Privacy   |   Contact us   |   What's new   |   Site index