Open Source and information security mailing list archives
 
From: mail at blazde.co.uk (Roland Postle)
Subject: Counseling not to use Windows (was Re: Anonymous surfing my ass!)

> because of programming errors.  Encoding metadata such as "executableness"
> in a filename, for example, is a fundamental design flaw, and one that's
> impossible to correct without changing Windows' design.

Sorry to pick on your example but an extension merely indicates what kind of
data is in the file. A .txt extension suggests that a user might want to
hand the file to a program that'll treat the file as plain ASCII, similarly
an .exe extension suggests that a user might want to give the file some
memory and time slices and treat it as a program in its own right. You
could load the .exe into notepad, and you could execute the .txt file.

As for the actual security of whether a user /can/ execute a file, Windows
doesn't separate 'read' and 'execute' privileges well enough. However it's
my understanding that's got more to do with the design of the x86 memory
architecture than Windows' design. Linux just pretends to separate 'r' and
'x' privs because it's a unix clone. I'm prepared to stand corrected on that
though.

I agree completely that Windows does have some fundamental design flaws that
prevent it being locally secure. A better example might be the ability of an
application to send messages to another application, apparently without
regard for who the owner of the target application is.

- Blazde

