On Wed, 01 Sep 2010 08:34:47 +1000, paul.szabo@xxxxxxxxxxxxx said: > Christian Sciberras <uuf6429@xxxxxxxxx> wrote: > > > Why do you say harmless? Because you know a text file can't do > > anything at all. > > Exactly. The victim is attempting to view a plain text file. Surely > that can be done safely? Only if your OS's security model understands the fact that executable code and data belong in different security domains and thus different rules should apply about what files to "trust" in each category. (and yes, "interpreted data" like shell scripts and Java .class files and Flash are the sort of neither-fish-nor-fowl that give security models headaches, so don't bother flaming about that. ;)
Attachment:
pgpfFyo4kdPO9.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/