On Tue Feb 24 23:44, Yves-Alexis Perez wrote:
> On mar, 2009-02-24 at 17:33 -0500, Michael S. Gilbert wrote:
> > here is a .desktop file that looks like it is iceweasel, but really it
> > downloads an essentially random file, but I could have made it do
> > pretty much anything.
>
> Yes, tests may need to be narrowed. That should be part of the spec,
> though.

Speaking as someone with a PhD in computer security (and my PhD was in this area) I can tell you that trying to use heuristics in order to determine if something is 'bad' does not, and it's fairly widely recognised cannot, work. You are ipso facto providing an oracle to the attacker and he will craft something that looks sufficiently plausible, passes the checks, but is malicious.

I firmly agree with Michael that the only good solution is to require explicit marking of .desktop files in some fashion. Owned by root is probably fine (since you've basically already lost if that's the case), as is setting the execute bit (but things should be cautious as always about setting it).

Matt
--
Dr Matthew Johnson
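The two policies Matt contrasts, side by side, as an added illustration that is not part of the thread: a content heuristic (Name must match the Exec basename) that a look-alike .desktop file satisfies trivially, next to the explicit-marking rule (owned by root, or execute bit set) that ignores the contents entirely. The sample .desktop text, the path under /tmp and all function names are constructed for this example.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: looks like the iceweasel launcher, but Exec points at a
# file the same unprivileged user controls. Content checks cannot tell.
LOOKALIKE = """[Desktop Entry]
Type=Application
Name=iceweasel
Exec=/tmp/unrelated/iceweasel %u
"""

def parse_desktop(path):
    """Return the [Desktop Entry] group of a .desktop file as a dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keys are case-sensitive in the spec
    cp.read(path, encoding="utf-8")
    return dict(cp["Desktop Entry"])

def heuristic_plausible(entry):
    """Content heuristic: Name must equal the basename of the Exec command.
    Anything that reads only the contents is an oracle the file's author can satisfy."""
    argv = entry.get("Exec", "").split()
    return bool(argv) and os.path.basename(argv[0]).lower() == entry.get("Name", "").lower()

def explicitly_marked(path, trusted_uid=0):
    """Explicit-marking policy from the thread: launch only if the file is owned
    by the trusted uid (root by default) or carries the owner's execute bit."""
    st = os.stat(path)
    return st.st_uid == trusted_uid or bool(st.st_mode & stat.S_IXUSR)

def evaluate(path, trusted_uid=0):
    """Verdict of each policy for one .desktop file."""
    entry = parse_desktop(path)
    return {"heuristic": heuristic_plausible(entry), "explicit": explicitly_marked(path, trusted_uid)}

def demo(trusted_uid=0):
    """Evaluate the look-alike before and after the user deliberately marks it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "iceweasel.desktop")
        with open(path, "w", encoding="utf-8") as f:
            f.write(LOOKALIKE)
        before = evaluate(path, trusted_uid)  # heuristic passes, explicit policy refuses
        os.chmod(path, os.stat(path).st_mode | stat.S_IXUSR)
        after = evaluate(path, trusted_uid)   # user set the execute bit: now launchable
    return before, after
```

Run demo() as an ordinary user: the heuristic says yes both times, while the explicit rule refuses until the execute bit is set by hand.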