[CrackMonkey] the world is insane
M. Drew Streib
dtype at dtype.org
Tue Sep 18 14:56:50 PDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Sep 18, 2001 at 02:48:43PM -0700, Rick Moen wrote:
> This is the logical end result of their refusing to distinguish between
> viewing an attachment and executing it, and instead referring to both
> indiscriminately as "opening" them. Lacking the key distinction, they
Don't forget that somewhere in between which is interpreting the file.
Simply "viewing" a MSDOC file may actually entail opening it and performing
some set of macros, according to the Microsoft definition. This isn't
_technically_ executing the file, but is allowing active interpretation
of its contents by some other brain dead program.
We have the equivalent (sort of) with some mime types. For instance,
I must launch w3m to view any text/html attachments I get. w3m
"interprets" the file in order to display it to me. The difference is,
I know that w3m, short of any unknown security holes, doesn't include
the facility to modify any part of my system in viewing this file.
The security seems to be in the programs executed to "view" or "interpret"
M. Drew Streib <dtype at dtype.org> | http://dtype.org/
FSG <dtype at freestandards.org> | Linux International <dtype at li.org>
freedb <dtype at freedb.org> | SourceForge <dtype at sourceforge.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Crackmonkey