Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.

From: Dan Winship <danw ximian com>
To: Miguel de Icaza <miguel ximian com>
Cc: nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
Subject: Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
Date: 24 May 2001 22:45:15 +0500

On 24 May 2001 00:00:49 -0400, Miguel de Icaza wrote:
> > what if someone distributes a malicious elf/a.out binary as
> > foo-1.5-2.i386.rpm the user will open the file with gmc/nautilus and
> > instead of telling the user "no viewer capable of opening this file" (or
> > whatever it says when someone runs a binary w/o the execute bit) it will
> > set the execute bit and run the file. boom!
> 
> I have said this a couple gazillion of times.  But here it goes
> gazillion plus one:
> 
> 	He will get a warning that the program is about to be executed
> 	and that it lacks a security bit.

And for the gazillion and oneth time on the other side: IT DOESN'T
MATTER. It doesn't matter how many warnings the user gets. It doesn't
matter how dire they are. You can pop up a dialog that says "If you
proceed, your children will be kidnapped, tortured, and murdered", and
*THEY'LL STILL CLICK "OK"* because they want to see the funny joke
they've been promised is in the attachment. This has been demonstrated
time and time again in the Outlook world. The so-called "security fixes"
for Outlook have done almost nothing to slow the spread of viruses.

Do you really think that your mom would know that double-clicking an RPM
is not supposed to pop up a dialog talking about a security bit?

Here's another scenario. I send out a message with two attachments
"foo.jpg" and "foo-no-security-bit.jpg". The first contains random data,
the second contains a trojan horse. I mention in the message that some
versions of Evolution don't properly handle the "security bit" in the
first image, so I've also attached a second copy without the security
bit set. Recipient tries to view the first attachment, but it doesn't
work (cause it's random data). User then tries to view the second
attachment, the exe handler warns that he's trying to execute a binary
without the security bit set, and the user clicks "ok", because after
all, the message already told him to expect that, right? Boom.

If you feel comfortable shipping the exe-handler without a warning
dialog, well, then, go ahead, I guess (but please don't tie it into
gnome-vfs!). But don't kid yourself into believing that a warning
message will make it any more secure.

-- Dan

PS - Oh, and not all OSes use ELF/a.out. You need something more
generic.

Follow-Ups:
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Ben Ford
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Miguel de Icaza
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Elliot Lee

References:
- [Nautilus-list] Idea for Nautilus and GMC.
  - From: Miguel de Icaza
- Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Evandro Fernandes Giovanini
- Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Miguel de Icaza

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]