Re: st: Security. Was: Clickable examples in ado help files

From   Ulrich Kohler <>
Date   Fri, 19 Sep 2003 17:02:50 +0200

Very clear, as always, and convincing enough for me.  Thank you very much. 


William Gould, Stata wrote:
> Ulrich Kohler <> asks,
> > [...] I wonder how far the "F" package directive introduces a security
> > problem. What happens if a malicious person puts a virus into
> > myexample.exe and lets the user download this program with the "F"
> > directive?  In this case myexample.ado could enclose a caller to
> > myexample.exe. Clearly this would be possible with the "f"-directive as
> > well, but in this case myexample.ado can not really know where
> > myexample.exe is stored.
> Ulrich is right to worry, but in this case I do not think there is much
> danger:
>     1.  Ulrich is right that "F" could be used to deliver a virus.
>     2.  The next problem the virus writer faces is getting the virus to be
>         executed, so that it can do its damage.  Where Stata stores files
>         was carefully located *OUTSIDE* the executable path, so the infected
>         executable could not be accidentally invoked by the user.
>     3.  In Stata, the act of downloading does *NOT* cause automatic
>         execution. The names of the files downloaded are always listed and
>         whether the newly downloaded materials are ever executed is left up
>         to the user.
>     4.  All users should engage in safe computing:  download files only
>         from trusted sites. is one, the Boston archive is another.
>         So far, all Stata user sites have been safe, but even so, I only download
>         from user sites if the user is active in the Stata community and therefore
>         someone I "know".  If I download from a site I know little about, I look at
>         what was downloaded before executing it.
>     5.  The hole opened by "F" is a delivery hole.  There are, in fact,
>         lots of ways I can get files delivered to your computer, either
>         with Stata or without it.  Were I a virus writer, I would find
>         those other methods easier to use.  Nothing beats email.
>     6.  Actually, if one is sufficiently clever, one realizes that no new
>         hole was opened by "F", either inside or outside of Stata.  The point is,
>         Stata's ability to download user-written programs is a delivery method, and
>         *ANY* delivery method can be used to deliver a virus.
>     7.  What makes viruses such a problem is that they spread.  Stata's
>         downloading capabilities are not automatic and therefore, while
>         they could be used for initial delivery, they are next to useless
>         for spreading the virus.
>         It is true that, sitting here in my office, I can carefully concoct
>         a virus to do damage to Ulrich.  Having done that, I would then need to
>         convince Ulrich (1) to take the positive actions necessary to download the
>         virus and (2) to take the positive actions necessary to execute it.  Even
>         so, having done all that, I would only have infected Ulrich.  The method
>         used for original delivery would be of no use for subsequent spreading.  So
>         either (a) I have a virus that does not spread, and there's no fun in that,
>         or (b) I use some other non-Stata method to spread the virus.  If (b), then
>         we have just established there is a better virus delivery method than
>         Stata, so of course, I would start by using that.
>     8.  Even ignoring all of the above, Stata records the source of
>         every file downloaded, making it easier to trace the virus writers.
> -- Bill
