Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)



> This debate is ludicrous.
> 
> A - You can't execute a program on UNIX that isn't set as executable. 
> Someone makes temporary files as executable?  Not that I've ever seen.
> 
> B - If you're paranoid mount /tmp and /home as "noexec".  Evolution saves
> temporary files in /tmp, and everything else a user writes should be in
> /home.
> 
> So no problem, this doesn't have anything to do with file identification
> or e-mail attachments.

But Adam, the executable bit and the "noexec" option only prevent
executables from being run directly. They do not prevent scripts from
being run indirectly, by interpreters, such as "perl myscript.pl" or "sh
myscript.sh". For this reason I insist on people not associating script
filetypes with their interpreters (i.e. gnome-vfs not shipping with these
associations included).

-- 
Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)

.- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
|- IT Infrastructure :: Security :: Embedded systems :: Linux
`- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br
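
The distinction drawn in the reply above, as an added example that is not part of the original message: the execute-permission check applies when the file itself is handed to the kernel to run, not when an interpreter opens it as input. The function name `exec_check` and the file name `attachment.sh` are constructed for this sketch.

```shell
#!/bin/sh
# Added illustration (not from the original thread).
# exec_check MODE: create a constructed sample script with the given
# permission MODE, then try to run it two ways and report what happened.
exec_check() {
    mode=$1
    dir=$(mktemp -d) || return 2
    script="$dir/attachment.sh"          # constructed sample file
    printf '#!/bin/sh\necho ran\n' > "$script"
    chmod "$mode" "$script"

    # 1. Direct execution: the kernel is asked to execute the file itself,
    #    so the execute bit (and any "noexec" mount option) is enforced.
    if "$script" >/dev/null 2>&1; then
        direct=ran
    else
        direct=blocked
    fi

    # 2. Indirect execution: the program being executed is "sh"; the script
    #    is only opened and read, so read permission is all that is needed.
    if sh "$script" >/dev/null 2>&1; then
        indirect=ran
    else
        indirect=blocked
    fi

    rm -rf "$dir"
    echo "direct=$direct indirect=$indirect"
}

# No execute bit set: prints "direct=blocked indirect=ran"
exec_check 0600
```

The same result holds when the temporary directory sits on a "noexec" mount, which is why the file-type association (what a double-click hands to an interpreter) is the control that matters here.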




