Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.

From: Miguel de Icaza <miguel ximian com>
To: Dan Winship <danw ximian com>
Cc: nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
Subject: Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
Date: 24 May 2001 15:36:17 -0400

And for the gazillion and oneth time on the other side: IT DOESN'T
MATTER. It doesn't matter how many warnings the user gets. It doesn't
matter how dire they are. You can pop up a dialog that says "If you
proceed, your children will be kidnapped, tortured, and murdered", and
*THEY'LL STILL CLICK "OK"* because they want to see the funny joke
they've been promised is in the attachment. This has been demonstrated
time and time again in the Outlook world. The so-called "security fixes"
for Outlook have done almost nothing to slow the spread of viruses.


And we keep talking about Outlook.  How many virus/trojans can you
track down in recent history on programs you downloaded from the
network and ran `accidentally' because they had the .exe extension?

Yes, it is a potential hole, but if they downloaded the software from
a web site, and the web site instructs them to do `chmod +x file' to
`see the joke', how is this different from them clicking on the OK
button?  It is not.

Here's another scenario. I send out a message with two attachments
"foo.jpg" and "foo-no-security-bit.jpg". The first contains random data,
the second contains a trojan horse. I mention in the message that some
versions of Evolution don't properly handle the "security bit" in the
first image, so I've also attached a second copy without the security
bit set. Recipient tries to view the first attachment, but it doesn't
work (cause it's random data). User then tries to view the second
attachment, the exe handler warns that he's trying to execute a binary
without the security bit set, and the user clicks "ok", because after
all, the message already told him to expect that, right? Boom.


You can also send an e-mail saying `please drag the /bin directory
into the trashcan and everything will work just fine'.  People who
dont know will also follow the instructions and ignore warnings.

If you feel comfortable shipping the exe-handler without a warning
dialog, well, then, go ahead, I guess (but please don't tie it into
gnome-vfs!). But don't kid yourself into believing that a warning
message will make it any more secure.


Who said I would ship without a warning?  Jesus guys, why dont you go
read the source code I posted before making those claims?

The source code I posted contains the warning message before changing
the execution bit.

PS - Oh, and not all OSes use ELF/a.out. You need something more
generic.


I can add support to those very easily.  Give me the signature for
anything you want supported and it will be added.

Love,
Miguel.

Follow-Ups:
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Dan Winship
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Alexander Skwar

References:
- Idea for Nautilus and GMC.
  - From: Miguel de Icaza
- Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Evandro Fernandes Giovanini
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Miguel de Icaza
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Dan Winship

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]