Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)



On Thu, 2003-12-25 at 22:44, Charles Goodwin wrote:

> A file type is not determined by its extension.  The
> detection-by-extension ethos is a _hack_.  A hack to make things easy,
> but as with all hacks it has its drawbacks and some massive ones at
> that.

Not a hack. IMHO, it's a matter of accuracy. Suffix matching is subject
to return wrong results on invalid input, while content sniffing is
subject to return wrong results on _valid_ input.

> affect the user.  Last time I used Nautilus, I could scroll up and down
> and jump between folders without extra pause, whilst Nautilus updates
> itself in the background. 

How often do you use Nautilus? If you ever used it to do any serious job,
you will notice that it is almost impossible to deal with large
directories. It takes dozens of seconds rolling the throbber before
showing something. 

> If Nautilus is wrongly detecting a file type it is a _bug_ and should be
> dealt with as such.  It is nothing to do with the system used by
> Nautilus.  Detection of type by file extension is far more error prone
> and relies much more on correctness of user input which is an
> unreasonable expectation on lay users.

This is exactly what I am pointing out at
http://lists.gnome.org/archives/nautilus-list/2003-December/msg00264.html

A user can fix a badly-named file, but cannot fix a bug in VFS magic.

> 
> If you are having a problem opening a file in your preferred
> application, that is a shortcoming on behalf of the Nautilus interface
> and is a _bug_ or a _missing_feature_ and should be addressed as such.
> 
> > The bugs present in Micros~1 Windows are not due to file type detection
> > by suffix. 
> 

> Wrong, they are.  By due nature of the ridiculous method, people
> associate .jpg files or .gif files as images.  This introduces a problem
> with visual association.
>
> Somebody gets an email with an attachment such as 'pretty.jpg.exe' or
> 'sexy.gif.pl' and they open it up.  Yes, this is due to file type
> detection by suffix because you are subconsciously causing people to
> recognise file types by file suffix and hence they can be easily
> misled.

Not true. The origin of these vulnerabilities is not the fact of the user
visually identifying the files as images. The problem is what I've said
above:

1. Windows hides the .exe
2. Even if Windows does not have the .exe, the users are able to execute
attached programs.

Even if there was no file extension at all, the users would run the
executable attachments if the mail program allows it.

> 
> You are expecting either 1) an unreasonable level of technical education
> or 2) an unrealistic level of file/email security in order for this not
> to introduce security issues.  Period.

Not me. Current Micros~1 implementations do expect. They say "you are
about to open an executable file" but the user does not know what the
hell an executable file is.

> 
> One goal of Gnome is to make Free Software desktops a global reality (as
> if it already isn't).

This is what I am trying to do. To be a reality, Nautilus must be able
to do serious job.

> Introducing notions that add to the confusion
> just to save a few cpu cycles and/or to make things look snappier

It's not a matter of "looking snappier", but _working efficiently_.

> on-the-surface is no way to achieve that goal; unless you want a buggy,
> insecure system but that niche is already well filled.

You are doing nothing but spreading FUD. Implementing the system you
describe above would not make the above vulnerabilities disappear.

> 
> I wish this pointless discussion would go away.  It's clogging up my
> inbox.  Really, there's some damn clever guys hacking Gnome and this
> fairly important issue will have been rehashed over and over and over
> again by people far more active, informed, and intelligent than either
> you or me.

I try to be the most active, informed and intelligent I can. Everyone
has limits, but if I ever quit trying to be informed, intelligent and
active like you tell you do, I would kill myself. 

If you don't expect traffic from the list, you have the option to
receive it as a digest.

Cheers,

-- 
Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)

.- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
|- IT Infrastructure :: Security :: Embedded systems :: Linux
`- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br
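
The two failure modes contrasted in this message (suffix matching on a badly named file, content sniffing on a valid file) and the hidden-suffix case from its numbered list, as an added example that is not part of the original post. The lookup tables, function names and sample attachments are constructed for illustration.

```python
import os

# Constructed lookup tables (assumption); real MIME databases are far larger.
SUFFIX_TYPES = {".jpg": "image/jpeg", ".gif": "image/gif", ".txt": "text/plain",
                ".exe": "application/x-msdownload", ".pl": "application/x-perl"}
MAGIC_TYPES = [(b"\xff\xd8\xff", "image/jpeg"), (b"GIF89a", "image/gif"),
               (b"GIF87a", "image/gif"), (b"MZ", "application/x-msdownload")]
EXECUTABLE = {"application/x-msdownload", "application/x-perl"}

def by_suffix(name):
    """Type from the final suffix only, as a suffix-matching file manager would."""
    return SUFFIX_TYPES.get(os.path.splitext(name.lower())[1], "unknown")

def by_content(data):
    """Type from leading magic bytes, as a content sniffer would."""
    for magic, mime in MAGIC_TYPES:
        if data.startswith(magic):
            return mime
    return "unknown"

def displayed_name(name, hide_known_suffix=True):
    """Name as shown by a shell that hides known suffixes (point 1 above)."""
    stem, ext = os.path.splitext(name)
    return stem if hide_known_suffix and ext.lower() in SUFFIX_TYPES else name

def audit(name, data):
    """Return findings for one attachment: detector disagreement, hidden suffix."""
    findings = []
    s, c = by_suffix(name), by_content(data)
    if s != c and "unknown" not in (s, c):
        findings.append(f"suffix says {s}, content says {c}")
    shown = displayed_name(name)
    # The visible name still carries a benign-looking suffix, the real one executes.
    if shown != name and by_suffix(shown) != "unknown" and s in EXECUTABLE:
        findings.append(f"shown as {shown!r} but runs as {s}")
    return findings

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("pretty.jpg.exe", b"MZ\x90\x00"),              # executable behind a hidden suffix
    ("holiday.txt", b"\xff\xd8\xff\xe0\x00\x10"),   # badly named JPEG: suffix is wrong
    ("notes.txt", b"MZ was the ticket prefix"),     # valid text: sniffer is wrong
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10"),     # both detectors agree
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, "->", audit(name, data) or "ok")
```

For `holiday.txt` and `notes.txt` the audit reports the same kind of disagreement, and nothing in the two detectors says which of them is the wrong one.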




