Full Disclosure mailing list archives
Re: DLL hijacking with Autorun on a USB drive
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 1 Sep 2010 00:59:06 +0200
(and yes, "interpreted data" like shell scripts and Java .class files and Flash are the sort of neither-fish-nor-fowl that give security models headaches, so don't bother flaming about that. ;)
OK. Also add exploits in non-executable data as well (such as a certain gif...). What was your point again? Cheers. On Wed, Sep 1, 2010 at 12:56 AM, <Valdis.Kletnieks () vt edu> wrote:
On Wed, 01 Sep 2010 08:34:47 +1000, paul.szabo () sydney edu au said:Christian Sciberras <uuf6429 () gmail com> wrote:Why do you say harmless? Because you know a text file can't do anything at all.Exactly. The victim is attempting to view a plain text file. Surely that can be done safely?Only if your OS's security model understands the fact that executable code and data belong in different security domains and thus different rules should apply about what files to "trust" in each category. (and yes, "interpreted data" like shell scripts and Java .class files and Flash are the sort of neither-fish-nor-fowl that give security models headaches, so don't bother flaming about that. ;)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: DLL hijacking with Autorun on a USB drive, (continued)
- Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Charles Morris (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Charles Morris (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Valdis . Kletnieks (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Christian Sciberras (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive paul . szabo (Aug 31)
- Re: DLL hijacking with Autorun on a USB drive Dan Kaminsky (Aug 31)