Re: [PMH] Re: [Nautilus-list] Idea for Nautilus and GMC.



> And for the gazillion and oneth time on the other side: IT DOESN'T
> MATTER. It doesn't matter how many warnings the user gets. It doesn't
> matter how dire they are. You can pop up a dialog that says "If you
> proceed, your children will be kidnapped, tortured, and murdered", and
> *THEY'LL STILL CLICK "OK"* because they want to see the funny joke
> they've been promised is in the attachment. This has been demonstrated
> time and time again in the Outlook world. The so-called "security fixes"
> for Outlook have done almost nothing to slow the spread of viruses.

And we keep talking about Outlook.  How many virus/trojans can you
track down in recent history on programs you downloaded from the
network and ran `accidentally' because they had the .exe extension?

Yes, it is a potential hole, but if they downloaded the software from
a web site, and the web site instructs them to do `chmod +x file' to
`see the joke', how is this different from them clicking on the OK
button?  It is not.

> Here's another scenario. I send out a message with two attachments
> "foo.jpg" and "foo-no-security-bit.jpg". The first contains random data,
> the second contains a trojan horse. I mention in the message that some
> versions of Evolution don't properly handle the "security bit" in the
> first image, so I've also attached a second copy without the security
> bit set. Recipient tries to view the first attachment, but it doesn't
> work (cause it's random data). User then tries to view the second
> attachment, the exe handler warns that he's trying to execute a binary
> without the security bit set, and the user clicks "ok", because after
> all, the message already told him to expect that, right? Boom.

You can also send an e-mail saying `please drag the /bin directory
into the trashcan and everything will work just fine'.  People who
dont know will also follow the instructions and ignore warnings. 

> If you feel comfortable shipping the exe-handler without a warning
> dialog, well, then, go ahead, I guess (but please don't tie it into
> gnome-vfs!). But don't kid yourself into believing that a warning
> message will make it any more secure.

Who said I would ship without a warning?  Jesus guys, why dont you go
read the source code I posted before making those claims?

The source code I posted contains the warning message before changing
the execution bit.  

> PS - Oh, and not all OSes use ELF/a.out. You need something more
> generic.

I can add support to those very easily.  Give me the signature for
anything you want supported and it will be added.

Love,
Miguel.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]