Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Counseling not to use Windows (was Re: Anonymous surfing my ass\!)
From: full-disclosure () lists netsys com (Roland Postle)
Date: Mon, 15 Jul 2002 19:58:08 +0100

because of programming errors.  Encoding metadata such as "executableness"
in a filename, for example, is a fundamental design flaw, and one that's
impossible to correct without changing Windows' design.

Sorry to pick on your example but an extension merly indicates what kind of
data is in the file. A .txt extension suggests that a user might want to
hand the file to a program that'll treat the file as plain ASCII, similarly
an .exe extension suggests that a user might want to give the file some
memory and time slices and treat it as a program in it's own right. You
could load the .exe into notepad, and you could execute the .txt file.

As for the actual security of whether a user /can/ execute a file, Windows
doesn't seperate 'read' and 'execute' privileges well enough. However it's
my understanding that's got more to do with the design of the x86 memory
architecture than Windows' design. Linux just pretends to seperate 'r' and
'x' privs because it's a unix clone. I'm prepared to stand corrected on that
though.

I agree completly that Windows does have some fundamental design flaws that
prevent it being locally secure. A better example might be the ability of an
application to send messages to another application, apparently without
regard for who the owner of the target application is.

- Blazde



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]