Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
- From: Geoffrey <esoteric 3times25 net>
- To: Gnome List <gnome-list gnome org>
- Subject: Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
- Date: Fri Dec 26 17:54:46 2003
Adam Williams wrote:
1. Windows hides the .exe
2. Even if windows does not have the .exe, the users are able to execute
So you're advocating that all users know what .exe means. Oh, and .pl,
.py, .sh, etc etc. Yes, that's really a solution... not.
Or are you advocating that we kill email functionality by disallowing
the manual opening of attachments to protect the user?
This debate is ludicrous.
A - You can't execute a program on UNIX that isn't set as executable.
Someone makes temporary files as executable? Not that I've ever seen.
$ ls -l /tmp/foo
-rw-r--r-- 1 esoteric users 5 2003-12-26 17:52 /tmp/foo
$ cat /tmp/foo
$ /bin/sh /tmp/foo
Fri Dec 26 17:53:55 EST 2003
/tmp/foo is not executable.
It would depend on how it is called. I don't know, but I suspect that
nautilus calls /bin/sh to execute in such a case?
Until later, Geoffrey esoteric 3times25 net
Building secure systems inspite of Microsoft
] [Thread Prev