Re: head off email viruses: distinguishing documents from executables?

[Fabio Gomes de Souza <bugtraq gs2 com br>]

Carlos Perelló Marín wrote:

> The main difference between Linux and Windows is that you must give the
> execution flag to that file so it will never be executed until you allow
> it.

Hmm. When we untar an archive, its files may already come with the 
executable flag set.

IMHO, what we should do about GNOME desktop security is make sure it 
ALWAYS behaves this way.

Some important things to mention in future development are:

- Default (factory) file associations: Nautilus should never come with 
built-in file associations to script interpreters, say:
	- .pl to /usr/bin/perl
	- .php to /usr/bin/php
	- .sh to /bin/bash
	- .py to /usr/bin/python
and so on. This list should be extended to every file association that 
could lead to execution of arbitrary commands. The work of choosing an 
interpreter must be left to the kernel and the shell. While this not 
kills the entire problem (ie.: some apps have buffer overflows when 
processing documents), it's a nice beginning.

If the user wants to make these associations by hand, it's his problem.

Additionaly, some security audits could be done in applications such as 
file-roller to avoid social engineering by introducing some warnings.

Maybe GNOME needed a security team. Any toughts?

Steven, do you want to discuss this a bit more? :-)

--
Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)

.- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
|- IT Infrastructure :: Security :: Embedded systems :: Linux
`- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br