Re: head off email viruses: distinguishing documents from executables?



El mar, 04-11-2003 a las 13:16, Fabio Gomes de Souza escribió:
> Carlos Perelló Marín wrote:
> 
> > 
> > The main difference between Linux and Windows is that you must give the
> > execution flag to that file so it will never be executed until you allow
> > it.
> 
> Hmm. When we untar an archive, its files may already come with the 
> executable flag set.

True, but you should untar it before you can execute it. "The GNOME way"
to open that tar (file-roller) will not let you execute it, only view
the files. We should help the user, but prevent for execute files that
he/she wants to execute...

> 
> IMHO, what we should do about GNOME desktop security is make sure it 
> ALWAYS behaves this way.
> 
> Some important things to mention in future development are:
> 
> - Default (factory) file associations: Nautilus should never come with 
> built-in file associations to script interpreters, say:
> 	- .pl to /usr/bin/perl
> 	- .php to /usr/bin/php
> 	- .sh to /bin/bash
> 	- .py to /usr/bin/python
> and so on. This list should be extended to every file association that 
> could lead to execution of arbitrary commands. The work of choosing an 
> interpreter must be left to the kernel and the shell. While this not 
> kills the entire problem (ie.: some apps have buffer overflows when 
> processing documents), it's a nice beginning.

Of course, nautilus should not open an script but the applications
buffer overflows are applications bugs (and they should be fixed instead
of add nautilus "hacks" to workaround those bugs), we  cannot prevent it
without removing the nautilus application launch feature...

> 
> If the user wants to make these associations by hand, it's his problem.
> 
> Additionaly, some security audits could be done in applications such as 
> file-roller to avoid social engineering by introducing some warnings.

I agree.

> 
> Maybe GNOME needed a security team. Any toughts?
> 
> Steven, do you want to discuss this a bit more? :-)

Cheers.

> 
> -- 
> Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)
> 
> .- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
> |- IT Infrastructure :: Security :: Embedded systems :: Linux
> `- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br
-- 
Carlos Perelló Marín
Debian GNU/Linux Sid (PowerPC)
Linux Registered User #121232
mailto:carlos pemas net || mailto:carlos gnome org
http://carlos.pemas.net
Valencia - Spain

Attachment: signature.asc
Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]