| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: eballen1 at qwest.net (Bruce Ediger) Subject: M$ - so what should they do? On Mon, 21 Jun 2004, joe wrote: > I am not sure I agree with the first thing. Actually I think it helps in > that it is easier for people to know something is executable veruss having > to look at additional attributes to see if something is executable. I think that making the name of a file determine whether it counts as "executable" or not conflates two distinct properties: (i) name, (ii) executableness Don't most of the "worms" like Bagel and Netsky depend on this sort of thing? Naming a file "xyz.pif" or "abc.scr" makes it executable. Clearly the "name making a file executable" contributes rather dramatically to the ease of constructing email "worms". Since so many "extensions" make a file executable, your point is basically wrong. You can't look at a file extension and know whether naming a file with that extension will cause Windows to consider it "executable" or "not executable". > What security benefit do you see for the second thing? Here, the "second thing" is getting rid of magic, in-every-directory device files like "CON" or "AUX" or an undocumented host of others. I don't happen to believe in the badness of magic files as such, merely that having some magic file names really confuses things. This property has caused problems over and over through the years: http://www.securityfocus.com/archive/1/322941/2003-05-25/2003-05-31/2 http://www.microsoft.com/technet/security/bulletin/ms00-017.mspx http://support.microsoft.com/default.aspx?scid=kb;en-us;256015 And probably others. The point is that a "DIR" (or whatever) doesn't show these magic files, but doing an "open()" works fine. It's an exception to a usual rule about how file names work. Clearly, as evidenced above, it causes problems over and over. Exceptional cases are bad. Note that Unix/Linux/Plan 9/others get this sort of thing correct. Magic files like /dev/null or /dev/tty show up when you run "ls" or do opendir()/readdir(). Yeah, they're magic in some sense or another, but they follow all the rules that other files follow with their names. And you have to open them by path "/dev/null". Just opening "null" won't hurt, unless the current directory happens to be "/dev".
Powered by blists - more mailing lists