Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)



Adam Williams wrote:
1. Windows hides the .exe
2. Even if Windows does not have the .exe, the users are able to execute
attached programs.

So you're advocating that all users know what .exe means.  Oh, and .pl,
.py, .sh, etc etc.  Yes, that's really a solution... not.
Or are you advocating that we kill email functionality by disallowing
the manual opening of attachments to protect the user?


This debate is ludicrous.

A - You can't execute a program on UNIX that isn't set as executable. Someone makes temporary files as executable? Not that I've ever seen.

$ ls -l /tmp/foo
-rw-r--r--    1 esoteric users           5 2003-12-26 17:52 /tmp/foo
$ cat /tmp/foo
date
$ /bin/sh /tmp/foo
Fri Dec 26 17:53:55 EST 2003

/tmp/foo is not executable.

It would depend on how it is called. I don't know, but I suspect that nautilus calls /bin/sh to execute in such a case?

--
Until later, Geoffrey	esoteric 3times25 net

Building secure systems in spite of Microsoft
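
The behaviour shown in the message above, as an added example that is not part of the original post: running a mode 0644 file directly is refused because of the missing execute bit, while passing the same file to /bin/sh as an argument runs it, since the interpreter only needs to read it. The function names and the sample file contents are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; helper names and the sample script are constructed.

# Create a script with mode 0644 (no execute bit), like /tmp/foo in the post.
make_sample() {
    f=$(mktemp) || return 1
    printf 'echo ran-as-data\n' > "$f"
    chmod 644 "$f"
    printf '%s\n' "$f"
}

# Direct execution: execve() checks the execute bit and the shell reports
# exit status 126 ("found but not executable").
direct_exec_status() {
    status=0
    ( "$1" ) >/dev/null 2>&1 || status=$?
    echo "$status"
}

# Interpreter invocation: the file is only read as input by /bin/sh,
# so read permission is all that is required.
interp_output() {
    /bin/sh "$1"
}

# Summarise both paths for one file.
report() {
    echo "mode:             $(ls -l "$1" | cut -c1-10)"
    echo "direct exec:      exit status $(direct_exec_status "$1")"
    echo "via /bin/sh FILE: $(interp_output "$1")"
}

sample=$(make_sample)
report "$sample"
rm -f "$sample"
```

A mail client or file manager that opens attachments by handing them to an interpreter therefore gets no protection from the missing execute bit.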



