LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

It's a bit harder...

It's a bit harder...

Posted Sep 25, 2003 12:51 UTC (Thu) by dion (subscriber, #2764)
In reply to: A different kind of bad week by smoogen
Parent article: A different kind of bad week

I think the situation on Linux is a bit different, because programs need more than just a magic filename to be executed, they need the execution bit to be set and it isn't by default.

This means that if a user clicks a file named loveletter.jpeg.exe then all that happens is that they are told that no program is available for viewing .exe files.

The user would need to set the execute bit to actually run the file and the clueless user will never have done that before because it's something that only programmers do (when having created a script for example), everyone else just installs software from an rpm or using make install.

... but it depends on what the GUI actually does to view/execute file, if it's at all sane then it shouldn't run code from files without the execute bit set, no matter what the last part of the filename is.

(Log in to post comments)

It's a bit harder...

Posted Sep 26, 2003 1:18 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

Hmm. So if Linux is safer because Linux users don't know how to (or are too lazy to) detach a file and run it (by the way, there doesn't have to be an execute bit involved. The Swen analogy would be an RPM attachment that you would rpm -i), then it must also be less safe because users don't know how to or are too lazy to install real security updates.

I don't think Linux can win here.

It's a bit harder...

Posted Oct 2, 2003 16:46 UTC (Thu) by Baylink (subscriber, #755) [Link]

> I don't think that Linux can win here

On the contrary, I suspect it already has.

The Deep Thought in Jon's commentary here is really "defense in depth",
one of the most important approaches to any type of security... and
exactly what you get from the fact that there are *so many* places in
which to deploy genetic diversity: different kernels, different
distributions, different mail clients, different desktop managers. It
rapidly becomes difficult to pick a sweet spot to target as a malware
author.

But, of course, this is largely *because* of the lack of "consumer"
deployment of Linux.

Figuring out how to continue to take advantage of that as Linux
penetrates more deeply into the "consumer" market will be the big
question.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds