> I'm sorry, maybe I'm missing the point, but what is keeping the user
> from deleting the file in Explorer, besides the fact that they may
> execute one of them "by accident"? Also, isn't this an issue no matter
> what you're doing? That you might do something "by accident" that has
> undesired effects?

Well, it is a problem with security domains. You can consider that the contents of an email message which you have received from who knows where may not be trusty, but the contents in your hard disk (especially, files forgotten long ago) may not look suspicious to the user, hence he/she may execute them without paying attention to the risks. They are simply "files in the hard disk", not "attachments in a message".

- When you receive an email message with Eudora, the attached files travel from one security domain to another without user intervention. User intervention is required (for example) to delete them, with the known risks. A file should never cross the "border" between two security domains without explicit user intervention. For example, with KMail or Netscape (at least the last versions I used), you have to select the attachment and save (or open) it. If you don't select it, it isn't extracted.

A MUA and a web browser are security applications. A flaw can lead to a complete system compromise. And don't forget something apparently silly, but important: the less code deals with a suspicious attachment, the less probability of using a security bug. If the attachments are automatically extracted whenever a message is received, and there is a security flaw in the extraction code, it will be possible to exploit it even though the user doesn't open the attachment. Designing software with this kind of precaution is a good thing, IMHO.

> I'm sorry, but I have to disagree with you here. It's a windows
> feature; when you double-click an executable, it executes. If you
> double-click a JPEG, it brings up the default viewer with the JPEG in
> it. How is it the fault of Windows that a careless user might
> accidentally run an executable?

Well, when some smart guy felt innovative and decided that Windows should have a lot of different permissions in files, he somehow forgot to add an "execute" permission. This *is* a problem in a system connected to a network. A file extension is information received from the outside, in the message headers. An execute permission is not transmitted through MIME.

Just think about the situation in Unix: unless you are the superuser, you cannot run a program unless it is marked as executable. It is a protection embedded in the operating system, at the program execution system call. And in the command line, if you follow good practice and don't put the current directory in the PATH, you won't execute a file outside of the system directories (or whatever you have in the PATH) by accident, unless you explicitly write the complete path to the program or "./".

Is this similar to Windows? ;-)

Regards, Borja.
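The attachment-handling policy argued for above (list without extracting, save only on explicit request, and never let a header-supplied filename or extension confer execute rights), as an added example that is not part of the original thread or of any mail client it mentions; the sample message, the `quarantine_dir` argument and the helper names are assumptions for the demonstration:

```python
import email
import os
import re
import stat
from email import policy

# Constructed sample message: one text part plus an attachment whose
# header-supplied filename tries to escape the save directory.
SAMPLE_MESSAGE = b"""\
From: someone@example.invalid
To: user@example.invalid
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="../../notes.exe"
Content-Transfer-Encoding: base64

TVpoZWxsbw==
--b1--
"""

def list_attachments(raw):
    """Report attachments WITHOUT writing anything to disk: the file does
    not cross into the local security domain until the user asks for it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(p.get_filename() or "unnamed", p.get_content_type(),
             len(p.get_payload(decode=True))) for p in msg.iter_attachments()]

def safe_name(declared):
    # The name comes from the message headers, i.e. from outside: keep only
    # the basename and a conservative character set, discard any path parts.
    base = os.path.basename(declared.replace("\\", "/")) or "attachment"
    return re.sub(r"[^A-Za-z0-9._-]", "_", base)

def save_attachment(raw, index, quarantine_dir):
    """Explicit user action: write attachment `index` into quarantine_dir
    with mode 0600 (no execute bit, whatever the extension says), refusing
    to overwrite an existing file."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    part = list(msg.iter_attachments())[index]
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    dest = os.path.join(quarantine_dir, safe_name(part.get_filename() or "attachment"))
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(part.get_payload(decode=True))
    os.chmod(dest, stat.S_IRUSR | stat.S_IWUSR)  # independent of the umask
    return dest
```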
This archive was generated by hypermail 2b30 : Mon Aug 27 2001 - 18:11:59 PDT