Vulnerability Development mailing list archives
Re: How to hide a file ?
From: H C <keydet89 () yahoo com>
Date: Wed, 9 Jan 2002 09:22:05 -0800 (PST)
An application that reads data from a file must also be able to act upon that data. If the data includes encoding that can exploit a weakness, just "reading" data doesn't help.
I would agree, but to a degree...depending upon your definition of 'is', of course. ;-) Seriously, what I mean is this...a graphics viewer recognizes a particular format (or two, etc). It figures that for JPEGs, the file header is going to look a certain way, and contain certain information, such as graphic dimensions, etc. Therefore, the 'acting upon the file' consists of grabbing blocks of bytes and arraning them for presentation. None of this has anything to do with executing anything. The process is completely different. For example, on Win32, you have to call the CreateProcess() API in order to execute a file, and that API takes certain arguments. Opening and reading a graphics file for presentation doesn't require this. Now, you may be able to do something in ASM, but that's not my area... __________________________________________________ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/
Current thread:
- RE: How to hide a file ?, (continued)
- RE: How to hide a file ? Matthew LaGrange (Jan 08)
- RE: How to hide a file ? John Stauffacher (Jan 08)
- RE: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- Re: How to hide a file ? J. J. Horner (Jan 09)
- Re: How to hide a file ? H C (Jan 09)
- RE: How to hide a file ? John Stauffacher (Jan 08)
- Re: How to hide a file ? Jon Zobrist (Jan 09)
- RE: How to hide a file ? Matthew LaGrange (Jan 08)
- RE: How to hide a file ? Ken Pfeil (Jan 08)
- Re: How to hide a file ? bugtraq (Jan 08)