Re: Why file content sniffing sucks

On Wed, 2003-12-24 at 13:36 -0500, Colin Walters wrote:
> On Wed, 2003-12-24 at 11:25, iain wrote:
> > Hmmm, dunno, dunno, oh jpg...whoops, no, it was an executable trojan
> > renamed to a jpg to trick me into running it.
> What do you mean, "trick you into running it"?  If Nautilus detects it
> as a JPEG due to the .jpg extension, it's not going to give you the
> option to execute it as a binary.

It was an example of why extension sniffing was bad.
What if the executable bit is set, will it try to execute it?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]