Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)



> > 1. Windows hides the .exe
> > 2. Even if windows does not have the .exe, the users are able to execute
> > attached programs.
> So you're advocating that all users know what .exe means.  Oh, and .pl,
> .py, .sh, etc etc.  Yes, that's really a solution... not.
> Or are you advocating that we kill email functionality by disallowing
> the manual opening of attachments to protect the user?

This debate is ludicrous.

A - You can't execute a program on UNIX that isn't set as executable. 
Someone makes temporary files as executable?  Not that I've ever seen.

B - If your paranoid mount /tmp and /home as "noexec".  Evolution saves
temporary files in /tmp, and everything else a user writes should be in
/home.

So no problem, this doesn't have anything to do with file identification
or e-mail attachments.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]