lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0406212122410.3389@stratigery>
From: eballen1 at qwest.net (Bruce Ediger)
Subject: M$ - so what should they do?

On Mon, 21 Jun 2004, joe wrote:

> I am not sure I agree with the first thing. Actually I think it helps in
> that it is easier for people to know something is executable veruss having
> to look at additional attributes to see if something is executable.

I think that making the name of a file determine whether it counts as
"executable" or not conflates two distinct properties:

(i) name, (ii) executableness

Don't most of the "worms" like Bagel and Netsky depend on this sort of
thing?  Naming a file "xyz.pif" or "abc.scr" makes it executable.  Clearly
the "name making a file executable" contributes rather dramatically to the
ease of constructing email "worms".  Since so many "extensions" make a
file executable, your point is basically wrong.  You can't look at a file
extension and know whether naming a file with that extension will cause
Windows to consider it "executable" or "not executable".

> What security benefit do you see for the second thing?

Here, the "second thing" is getting rid of magic, in-every-directory
device files like "CON" or "AUX" or an undocumented host of others.

I don't happen to believe in the badness of magic files as such, merely
that having some magic file names really confuses things.  This property
has caused problems over and over through the years:

http://www.securityfocus.com/archive/1/322941/2003-05-25/2003-05-31/2
http://www.microsoft.com/technet/security/bulletin/ms00-017.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;256015

And probably others.  The point is that a "DIR" (or whatever) doesn't
show these magic files, but doing an "open()" works fine.  It's an exception
to a usual rule about how file names work.  Clearly, as evidenced above,
it causes problems over and over.  Exceptional cases are bad.

Note that Unix/Linux/Plan 9/others get this sort of thing correct.
Magic files like /dev/null or /dev/tty show up when you run "ls" or
do opendir()/readdir().  Yeah, they're magic in some sense or another,
but they follow all the rules that other files follow with their names.
And you have to open them by path "/dev/null".  Just opening "null" won't
hurt, unless the current directory happens to be "/dev".


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ