Full Disclosure mailing list archives
RE: M$ - so what should they do?
From: "Bruce Ediger" <eballen1 () qwest net>
Date: Mon, 21 Jun 2004 21:52:36 -0600 (MDT)
On Mon, 21 Jun 2004, joe wrote:
> I am not sure I agree with the first thing. Actually I think it helps in that it is easier for people to know something is executable versus having to look at additional attributes to see if something is executable.
I think that making the name of a file determine whether it counts as "executable" or not conflates two distinct properties: (i) name, (ii) executableness.

Don't most of the "worms" like Bagle and Netsky depend on this sort of thing? Naming a file "xyz.pif" or "abc.scr" makes it executable. Clearly the "name making a file executable" contributes rather dramatically to the ease of constructing email "worms".

Since so many "extensions" make a file executable, your point is basically wrong. You can't look at a file extension and know whether naming a file with that extension will cause Windows to consider it "executable" or "not executable".
> What security benefit do you see for the second thing?
Here, the "second thing" is getting rid of magic, in-every-directory device files like "CON" or "AUX" or an undocumented host of others. I don't happen to believe in the badness of magic files as such, merely that having some magic file names really confuses things.

This property has caused problems over and over through the years:

http://www.securityfocus.com/archive/1/322941/2003-05-25/2003-05-31/2
http://www.microsoft.com/technet/security/bulletin/ms00-017.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;256015

And probably others.

The point is that a "DIR" (or whatever) doesn't show these magic files, but doing an "open()" works fine. It's an exception to a usual rule about how file names work. Clearly, as evidenced above, it causes problems over and over. Exceptional cases are bad.

Note that Unix/Linux/Plan 9/others get this sort of thing correct. Magic files like /dev/null or /dev/tty show up when you run "ls" or do opendir()/readdir(). Yeah, they're magic in some sense or another, but they follow all the rules that other files follow with their names. And you have to open them by path "/dev/null". Just opening "null" won't hurt, unless the current directory happens to be "/dev".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
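
The two properties discussed in this message, turned into a filename check a mail gateway or upload handler could run before writing an attachment to a Windows host. This is an added example, not part of the original post; the function names, the reserved-name list (Microsoft's documented set, not the undocumented ones the post alludes to) and the extension sample beyond .pif and .scr are assumptions.

```python
import re

# Reserved DOS device names from Microsoft's file-naming guidance
# (assumption: the documented set only).
RESERVED = ({"CON", "PRN", "AUX", "NUL"}
            | {f"COM{i}" for i in range(1, 10)}
            | {f"LPT{i}" for i in range(1, 10)})

# .pif and .scr are the extensions named in the post; the others are a
# constructed, non-exhaustive sample of extensions Windows will run.
EXEC_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd"}


def device_components(path):
    """Return the path components whose stem is a reserved device name."""
    hits = []
    for part in re.split(r"[\\/]", path):
        # Microsoft's guidance also says to avoid these names followed by
        # an extension (e.g. NUL.txt), so compare the stem before the
        # first dot, ignoring trailing dots and spaces.
        stem = part.rstrip(" .").split(".", 1)[0].rstrip(" ").upper()
        if stem in RESERVED:
            hits.append(part)
    return hits


def is_executable_name(filename):
    """True if the final extension alone marks the file as runnable."""
    name = filename.rstrip(" .")
    _, dot, ext = name.rpartition(".")
    return bool(dot) and ext.lower() in EXEC_EXTS


def audit(filename):
    """Findings for one submitted filename, in a fixed order."""
    findings = []
    if device_components(filename):
        findings.append("reserved-device-name")
    if is_executable_name(filename):
        findings.append("executable-extension")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    for sample in ["report.txt.pif", "uploads/aux.txt", "console.log"]:
        print(sample, audit(sample))
```

Only the last extension is checked for executability, which is why a name like "report.txt.pif" is flagged even though it looks like a text file at a glance.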