Re: DLL hijacking with Autorun on a USB drive

[paul.szabo () sydney edu au]

Valdis.Kletnieks () vt edu wrote:

> > ... The victim is attempting to view a plain text file. Surely
> > that can be done safely?
>
> Only if your OS's security model understands the fact that executable
> code and data belong in different security domains and thus different
> rules should apply about what files to "trust" in each category.

Hmm... an OS that cannot "view" plain-text in a safe manner...
Shame on those who would call that an OS.

Yes, even the Windows security model understands those things.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/