
Re: Security Issue of .desktop files



On Tue, 2009-02-24 at 23:36 +0000, Matthew Johnson wrote:
> Speaking as someone with a PhD in computer security (and my PhD was in
> this area) I can tell you that trying to use heuristics in order to
> determine if something is 'bad' does not, and it's fairly widely
> recognised cannot, work.

Well, it depends. I'm not opposed to security (quite the contrary, in
fact), but it's clearly a tradeoff and at some point it becomes useless.

> You are ipso facto providing an oracle to the attacker and he will craft
> something that looks sufficiently plausible, passes the checks, but is
> malicious.
> 
> I firmly agree with Michael that the only good solution is to require
> explicit marking of .desktop files in some fashion. Owned by root is
> probably fine (since you've basically already lost if that's the case)
> as is setting the execute bit (but things should be cautious as always
> about setting it)

Maybe that's what the test should be supposed to do. What I say is that
it should be part of the spec. One DE or distro shouldn't do its own
stuff privately or it'll fail.

Cheers,
-- 
Yves-Alexis
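
Added example, not part of the original message or of any desktop environment's code: a Python sketch of the marking rule discussed in the thread (owned by root, or execute bit set), deciding from file metadata only and never from content. The function name, the verdict strings and the trusted_uids parameter are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample launcher; the policy below never inspects this content.
SAMPLE_DESKTOP = """[Desktop Entry]
Type=Application
Name=Example
Exec=/usr/bin/example --flag
"""

def launcher_verdict(path, trusted_uids=(0,)):
    """Return why a .desktop file may be launched, or 'untrusted'.

    Only metadata set by an explicit act is consulted: who owns the file,
    and whether someone set the owner-execute bit. File content is ignored,
    so there is no content check for a crafted file to satisfy.
    """
    st = os.stat(path)  # follows symlinks: the target's metadata decides
    if not stat.S_ISREG(st.st_mode):
        return "untrusted"
    if st.st_uid in trusted_uids:
        return "trusted-owner"
    if st.st_mode & stat.S_IXUSR:
        return "trusted-exec-bit"
    return "untrusted"

def demo():
    """Create two byte-identical launchers that differ only in the exec bit."""
    # Hypothetical uid that owns nothing here, so the owner rule never fires
    # even when the demo itself runs as root.
    nobody_here = (os.getuid() + 54321,)
    with tempfile.TemporaryDirectory() as d:
        plain = os.path.join(d, "plain.desktop")
        marked = os.path.join(d, "marked.desktop")
        for p in (plain, marked):
            with open(p, "w") as f:
                f.write(SAMPLE_DESKTOP)
            os.chmod(p, 0o644)
        os.chmod(marked, 0o755)
        return {
            "plain": launcher_verdict(plain, nobody_here),
            "marked": launcher_verdict(marked, nobody_here),
            "owned": launcher_verdict(plain, (os.getuid(),)),
            "dir": launcher_verdict(d, (os.getuid(),)),
        }
```

The two launchers have identical content, so any difference in verdict comes from the explicit mark alone.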
