On Tue, 24 Feb 2009 23:36:38 +0000 Matthew Johnson <mjj29@debian.org> wrote: > On Tue Feb 24 23:44, Yves-Alexis Perez wrote: > > On mar, 2009-02-24 at 17:33 -0500, Michael S. Gilbert wrote: > > > here is > > > a .desktop file that looks like it is iceweasel, but really it > > > downloads an essentially random file, but I could have made it do > > > pretty much anything. > > > > Yes, tests may need to be narrowed. That should be part of the spec, > > though. > > Speaking as someone with a PhD in computer security (and my PhD was in > this area) I can tell you that trying to use heuristics in order to > determine if something is 'bad' does not, and it's fairly widely > recognised cannot, work. Not only widely recognised, it's proven. People with or without a PhD might look up the halting problem. > I firmly agree with Michael that the only good solution is to require > explicit marking or .desktop files in some fashion. Isn't downloading something, putting it on the desktop and clicking on it a strong enough indication of the user's will to execute whatever it is? If he does all this without blinking once, he surely wouldn't have any concerns about setting the x bit, if that gets him what he wants, i.e. to execute the file. As long as most people think, that embedded scripts, programmes opening all sorts of crap automatically and .dektop files are really a great idea, trouble won't be amiss, no matter how many warning pop-ups, checks or blocks you put in front. I fear the day, when I can download soft links and disguise shell scripts as pictures. Cheers, harry
Attachment:
signature.asc
Description: PGP signature