[CentOS] Re: What's the Linux equivelant of an exe file?

Bryan J. Smith b.j.smith at ieee.org
Thu Aug 4 15:32:30 UTC 2005 

"Bryan J. Smith" <b.j.smith at ieee.org> wrote:
> The OpenOffice.org installer should setup file associations
> in GNOME and KDE.

If you haven't noticed, UNIX systems _always_ set file
associations in the GUI, not the kernel/UNIX executive
subsystem.  This is a security/safety issue.

Windows _always_ ties associations to the Windows executive. 
That's why if you sent a .jpg file to the Windows executive
thinking it will launch Photoshop, but it begins with "MZ",
Windows will run it as an .exe.  This is a core, inherent
design flaw to Windows itself and if Microsoft changes it,
about 98% of Windows programs out there will break.**

Furthermore, most UNIX GUIs and programs do _not_ trust
extensions, but check the "file magic" (i.e., internal file
format) instead.  Especially when it comes to Internet
programs.  E.g., Mozilla Thunderbird and Ximian Evolution
trust _neither_ the MIME Type declared _nor_ the extension of
the file.  They will immediately tell you what the true
format of the file is (if it is known).

So although Windows has a serious security design flaw in its
executive that can't be changed for compatibility, at least
by using Windows programs (like Mozilla Thunderbird) which
test for "file magic" tremendously help the situation.

File magic is also why most Freedomware-based SMTP gateways
actually prevent executables and other trojan horses from
entering the network, whereas about 80% of the Exchange SMTP
gateway scanners stupidly trust MIME Type and/or extension. 
It's gotten batter in the case of the latter in the last 1-2
years.  But I less than 2 years ago being at 2 Fortune 100
companies that had scanning systems easily bypassed by simply
changing the declared MIME Type or extension allowed me to
bypass the scanning.

-- Bryan

**NOTE:  Does anyone know who I can _shoot_ for creating the
WINE service/kernel .exe support so the Linux
kernel/executive automatically launches WINE when it gets an
.exe?  Someone should absolutely be _shot_ for doing that,
let alone packagers for allow it to be turned on by default
upon install.  I know they do it for "compatibility," but
_stupid_ "compatibility" be damned, I don't want it if I
merely install the WINE package.


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)

More information about the CentOS mailing list