[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] M$ - so what should they do?



On Mon, 21 Jun 2004, joe wrote:

> I am not sure I agree with the first thing. Actually I think it helps in
> that it is easier for people to know something is executable veruss having
> to look at additional attributes to see if something is executable.

I think that making the name of a file determine whether it counts as
"executable" or not conflates two distinct properties:

(i) name, (ii) executableness

Don't most of the "worms" like Bagel and Netsky depend on this sort of
thing?  Naming a file "xyz.pif" or "abc.scr" makes it executable.  Clearly
the "name making a file executable" contributes rather dramatically to the
ease of constructing email "worms".  Since so many "extensions" make a
file executable, your point is basically wrong.  You can't look at a file
extension and know whether naming a file with that extension will cause
Windows to consider it "executable" or "not executable".

> What security benefit do you see for the second thing?

Here, the "second thing" is getting rid of magic, in-every-directory
device files like "CON" or "AUX" or an undocumented host of others.

I don't happen to believe in the badness of magic files as such, merely
that having some magic file names really confuses things.  This property
has caused problems over and over through the years:

http://www.securityfocus.com/archive/1/322941/2003-05-25/2003-05-31/2
http://www.microsoft.com/technet/security/bulletin/ms00-017.mspx
http://support.microsoft.com/default.aspx?scid=kb;en-us;256015

And probably others.  The point is that a "DIR" (or whatever) doesn't
show these magic files, but doing an "open()" works fine.  It's an exception
to a usual rule about how file names work.  Clearly, as evidenced above,
it causes problems over and over.  Exceptional cases are bad.

Note that Unix/Linux/Plan 9/others get this sort of thing correct.
Magic files like /dev/null or /dev/tty show up when you run "ls" or
do opendir()/readdir().  Yeah, they're magic in some sense or another,
but they follow all the rules that other files follow with their names.
And you have to open them by path "/dev/null".  Just opening "null" won't
hurt, unless the current directory happens to be "/dev".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html