D&C GLug - Home Page


Re: [LUG] virus warning - an opportunity for free ./ oss

 

On Tue, Mar 14, 2006 at 06:18:55PM +0000, Simon Waters wrote:
> John Botwright wrote:
> >
> 
> >It should show the
> >*executable* file icon because it has the ".exe" suffix on a file named
> >"foo.jpg". If it showed an *image* icon next to a file called foo.jpg.bar
> >then that would be a bona-fide design flaw to talk about. Can anyone dispute
> >or confirm this please?
<snip>
> 
> So precisely the design flaw you claim wasn't there :(
> 
> http://www.theregister.co.uk/2003/02/01/trojan_writers_exploit_outlook_express/
> 

Blimey! Thanks for finding this Simon - why on earth an attachment needs
three extensions I don't know! Probably something to do with marketing;

"Our emails have over *three* extensions, compared to the market average
of only /one/. Buy Microsoft."

<snip>
> >
> >This is what should happen because we usually want our client to perform
> >the immediately obvious action for random files .foo, .bar and .baz
> 
> This is true of everything but arbitrary executables. You really should 
> handle code which can do arbitrary things to your system differently.
> 
> All untrusted data represents a risk, because the code we handle most of 
> it with is not 100% solid, but code that can do arbitrary things is by 
> definition more of a risk.
> 

I almost completely agree. There must be a line drawn depending on the
circumstance but this must be user preference, not design. One of the
reasons I believe GNU/Linux is superior is because of this freedom
(hence my stupid .mailcap example).

> >but it makes my point that you cannot
> >label design features as "Lunacy" when they are doing exactly what they
> >are supposed to.
> 
> Yes you can, if I release a car with brakes designed to fail if you 
> don't service it every 10,000 miles, that would be lunacy if it worked 
> as designed. Running arbitrary ActiveX controls just because they were 
> signed was a similar lunacy. Starting your networking before your 
> firewall, similar lunacy....
>

No. That example is of a lunatic motive, not design.

On the other hand, the bug described in The Register article you
provided is a perfect example of design lunacy, or should I say
"multiple personality"? ;)

I (incorrectly) believed the OE design was performing correctly when asked
to open an email attachment: (i) display icon, (ii) show/hide file
extension, based on OS preferences and (iii) pass the attachment to the
correct "open" event handler. In reality, the design is flawed because
it allowed the wrong icon to be displayed for an exe. A bug to talk about.

Neil's explanation of the way Outlook works also smacks of similar
lunacy, though I would be afraid to comment further in case it turns out
to simply be a different design, not a flawed one.

<snip>
> 
> I suspect Linux and Access Control Lists will be just as much fun, and I 
> suspect SELINUX will prove troublesome for similar reasons. Just no one 
> likes to contemplate the effort in starting again.
> 

Tell me about it! I wanted to try grsecurity but wimped out when I found
out it isn't exactly a "drop in" replacement!!! I spent 2 years on
Linux-From-Scratch and a further 6 months on FreeBSD ports... I never want
to have to debug a make failure again!!!


Cheers guys,

JB

Attachment: signature.asc
Description: Digital signature
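
An added example, not part of the original message or of any mail client's code: a mail-filter style check for the mismatch discussed in the thread, where the last extension selects the "open" handler while the name shown to the user (with the final extension hidden) suggests a harmless type. The extension sets and function names are assumptions chosen for illustration.

```python
import os

# Assumed, illustrative sets; a real filter would use site policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}
BENIGN_LOOKING_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".txt", ".pdf", ".doc"}


def displayed_name(filename):
    """Name shown by a client that hides the final extension."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify_attachment(filename):
    """Return (verdict, reason) for one attachment filename.

    The handler is chosen by the *last* extension, so that decides whether
    the file is code. Earlier extensions only shape what the user believes
    they are opening, which is why the combination is treated as worse
    than a plainly named executable.
    """
    # Windows drops trailing dots and spaces, so ignore them here too.
    name = filename.strip().rstrip(". ").lower()
    stem, last_ext = os.path.splitext(name)
    if last_ext not in EXECUTABLE_EXTS:
        return ("ok", "last extension %r is not executable" % last_ext)

    # Padding between the fake and real extension must not hide the fake one.
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if inner_ext in BENIGN_LOOKING_EXTS:
        return ("block", "executable %s shown to the user as %r"
                % (last_ext, displayed_name(name).rstrip()))
    return ("warn", "executable attachment %s" % last_ext)


if __name__ == "__main__":
    # Constructed sample names, including the two from the thread.
    for sample in ["foo.jpg", "foo.jpg.bar", "foo.jpg.exe",
                   "setup.exe", "Report.PDF      .SCR "]:
        print("%-24r %s" % (sample, classify_attachment(sample)))
```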