[Date Prev][Date Next][Thread Prev][Thread Next][Date index][Thread index]
Re: st: Security. Was: Clickable examples in ado help files
Very clear, as always, and convincing enough for me. Thank you very much.
William Gould, Stata wrote:
> Ulrich Kohler <firstname.lastname@example.org> asks,
> > [...] I wonder how far the "F" package directive introduces a security
> > problem. What happens if a malicious person puts a virus into
> > myexample.exe and let the user download this program with the "F"
> > directive? In this case myexample.ado could enclose a caller to
> > myexample.exe. Clearly this would be possible with the "f"-directive as
> > well, but in this case myexample.ado can not really know where
> > myexample.exe is stored.
> Ulrich is right to worry, but in this case I do not think there is much
> 1. Ulrich is right that "F" could be used to deliver a virus.
> 2. The next problem the virus writer faces is getting the virus to be
> executed, so that it can do its damage. Where Stata stores files
> was carefully located *OUTSIDE* the executable path, so the infected
> executable could not be accidently invoked by the user.
> 3. In Stata, The act of downloading does *NOT* cause automatic
> execution. The names of the files downloaded are always listed and
> whether the newly downloaded materials are ever executed is left up
> to the user.
> 4. All users should engage in safe computing: download files only
> from trusted sites. www.stata.com is one, the Boston archive is another.
> So far, all Stata user sites have been safe, but even so, I only download
> from user sites if the user is active in the Stata community and therefore
> someone I "know". If I download from a site I know little about, I look at
> what was downloaded before executing it.
> 5. The hole opened by "F" is a delivery hole. There are, in fact,
> lots of ways I can get files delivered to your computer, either
> with Stata or without it. Were I a virus writer, I would find
> those other methods easier to use. Nothing beats email.
> 6. Actually, if one is sufficiently clever, one realizes that no new
> hole was opened by "F", either inside our outside of Stata. The point is,
> Stata's ability to download user-written programs is a delivery method, and
> *ANY* delivery method can be used to deliver a virus.
> 7. What makes viruses such a problem is that they spread. Stata's
> downloading capabilities are not automatic and therefore, while
> they could be used for initial delivery, they are next to useless
> for spreading the virus.
> It is true that, sitting here in my office, I can carefully concoct
> a virus to do damage to Ulrich. Having done that, I would then need to
> convince Ulrich (1) to take the positive actions necessary to download the
> virus and (2) to take the positive actions necessary to execute it. Even
> so, having done all that, I would only have infected Ulrich. The method
> used for original delivery would be of no use for subsequent spreading. So
> either (a) I have a virus that does not spread, and there's no fun in that,
> or (b) I use some other non-Stata method to spread the virus. If (b), then
> we have just established there is a better virus delivery method than
> Stata, so of course, I would start by using that.
> 8. Even ignoring all of the above, Stata records the source of
> every file downloaded, making it easier to trace the virus writers.
> -- Bill
> * For searches and help try:
> * http://www.stata.com/support/faqs/res/findit.html
> * http://www.stata.com/support/statalist/faq
> * http://www.ats.ucla.edu/stat/stata/
* For searches and help try: