[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: .desktop arbitrary program execution

On Wed, Jan 19, 2005 at 04:29:46PM +0100, Florian Weimer wrote:
For complex file formats, there is no clear distinction between
"opening" a file and "executing" it.

Sure there is. For some filetypes execution is an intended effect; that
is, you expect arbitrary code to run. For other filetypes there's an
unexpected side effect that allows arbitrary code to run. In the second
case there's a bug that can be fixed. In the first case you just don't
execute the file if it's from an untrusted source.

Mike Stone

Reply to: