Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)

Adam Williams wrote:
1. Windows hides the .exe
2. Even if windows does not have the .exe, the users are able to execute
attached programs.

So you're advocating that all users know what .exe means.  Oh, and .pl,
.py, .sh, etc etc.  Yes, that's really a solution... not.
Or are you advocating that we kill email functionality by disallowing
the manual opening of attachments to protect the user?

This debate is ludicrous.

A - You can't execute a program on UNIX that isn't set as executable. Someone makes temporary files as executable? Not that I've ever seen.

$ ls -l /tmp/foo
-rw-r--r--    1 esoteric users           5 2003-12-26 17:52 /tmp/foo
$ cat /tmp/foo
$ /bin/sh /tmp/foo
Fri Dec 26 17:53:55 EST 2003

/tmp/foo is not executable.

It would depend on how it is called. I don't know, but I suspect that nautilus calls /bin/sh to execute in such a case?

Until later, Geoffrey	esoteric 3times25 net

Building secure systems inspite of Microsoft

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]