Re: Why file content sniffing sucks

From: iain <iain prettypeople org>
To: Colin Walters <walters verbum org>
Cc: gnome-devel-list gnome org
Subject: Re: Why file content sniffing sucks
Date: Wed, 24 Dec 2003 19:16:24 +0000

On Wed, 2003-12-24 at 13:36 -0500, Colin Walters wrote:
> On Wed, 2003-12-24 at 11:25, iain wrote:
> 
> > Hmmm, dunno, dunno, oh jpg...whoops, no, it was an executable trojan
> > renamed to a jpg to trick me into running it.
> 
> What do you mean, "trick you into running it"?  If Nautilus detects it
> as a JPEG due to the .jpg extension, it's not going to give you the
> option to execute it as a binary.

It was an example of why extension sniffing was bad.
What if the executable bit is set, will it try to execute it?

iain
--

Follow-Ups:
- Re: Why file content sniffing sucks
  - From: Colin Walters

References:
- Why file content sniffing sucks
  - From: Fabio Gomes
- Re: Why file content sniffing sucks
  - From: Jeff Waugh
- Re: Why file content sniffing sucks
  - From: Pat Smith
- Re: Why file content sniffing sucks
  - From: iain
- Re: Why file content sniffing sucks
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]