[Date Prev][Date Next][Thread Prev][Thread Next][Date index][Thread index]
Re: st: Security. Was: Clickable examples in ado help files
Ulrich Kohler <email@example.com> asks,
> [...] I wonder how far the "F" package directive introduces a security
> problem. What happens if a malicious person puts a virus into myexample.exe
> and let the user download this program with the "F" directive? In this case
> myexample.ado could enclose a caller to myexample.exe. Clearly this would be
> possible with the "f"-directive as well, but in this case myexample.ado can
> not really know where myexample.exe is stored.
Ulrich is right to worry, but in this case I do not think there is much danger:
1. Ulrich is right that "F" could be used to deliver a virus.
2. The next problem the virus writer faces is getting the virus to be
executed, so that it can do its damage. Where Stata stores files was
carefully located *OUTSIDE* the executable path, so the infected
executable could not be accidently invoked by the user.
3. In Stata, The act of downloading does *NOT* cause automatic
execution. The names of the files downloaded are always listed and
whether the newly downloaded materials are ever executed is left up to
4. All users should engage in safe computing: download files only from
trusted sites. www.stata.com is one, the Boston archive is another.
So far, all Stata user sites have been safe, but even so, I only
download from user sites if the user is active in the Stata community
and therefore someone I "know". If I download from a site I know
little about, I look at what was downloaded before executing it.
5. The hole opened by "F" is a delivery hole. There are, in fact,
lots of ways I can get files delivered to your computer, either
with Stata or without it. Were I a virus writer, I would find those
other methods easier to use. Nothing beats email.
6. Actually, if one is sufficiently clever, one realizes that no new hole
was opened by "F", either inside our outside of Stata. The point is,
Stata's ability to download user-written programs is a delivery
method, and *ANY* delivery method can be used to deliver a virus.
7. What makes viruses such a problem is that they spread. Stata's
downloading capabilities are not automatic and therefore, while
they could be used for initial delivery, they are next to useless
for spreading the virus.
It is true that, sitting here in my office, I can carefully concoct a
virus to do damage to Ulrich. Having done that, I would then need
to convince Ulrich (1) to take the positive actions necessary to
download the virus and (2) to take the positive actions necessary to
execute it. Even so, having done all that, I would only have infected
Ulrich. The method used for original delivery would be of no use for
subsequent spreading. So either (a) I have a virus that does not
spread, and there's no fun in that, or (b) I use some other non-Stata
method to spread the virus. If (b), then we have just established
there is a better virus delivery method than Stata, so of course,
I would start by using that.
8. Even ignoring all of the above, Stata records the source of
every file downloaded, making it easier to trace the virus writers.
* For searches and help try: