[CentOS] OT: Possible for Malware against Windows boxes to attack Firefox on Linux?

Sun Apr 19 18:06:43 UTC 2009
mouss <mouss at ml.netoyen.net>

Robert Heller a écrit :
> At Sun, 19 Apr 2009 15:07:05 +0200 CentOS mailing list <centos at centos.org> wrote:
> 
>> Robert Heller a écrit :
>>> [snip]
>>>
>>> Linux does not care about file *names*. 
>> indeed Linux does not. but desktop managers do. That said, *.exe attacks
> 
> Are you sure?  I would think that *Linux*-based desktop managers would
> do something 'smart' like use the results of file (specificly 'file -i
> ..') rather than depend on the file name itself. 

I just tried: renaming a .mp3 to a .gif and double clicking. I get an
error saying something like "bad gif file"...

The problem with the "file type" is that users don't see it. when I
click to open a file, I somewhat "trust" the extension. If I open
foo.png, it's because I want top open an image, not to run latex or make.

maybe the solution would be to check that the extension matches the file
type and if not warn the user.


> I know that since
> MS-Windows lacks anything like the file command (as part of the native
> O/S install), it uses the file extension as a 'type'.
> 

While that was inherited from DOS, the fact that windows took the "it's
all about clicking" way, they didn't have much choice. and it gets
annoying anyway:

- when I double click on a ".pl", do I want to run perl or do I want to
edit the file?

- sometimes, when you remove an application (on windows xp), the system
can no more find the "most appropriate" application (even if you have
many apps that would be ok).

- many applications have a tendency to "steal" a lot of extensions.
under windows, I never let such an app to register any association!

...