Firefox - gedit is the best!

Tim ignored_mailbox at yahoo.com.au
Tue Oct 29 12:59:58 UTC 2013


Tim:
>> For one thing, it's why Windows is so vulnerable.  Nasty stuff
>> bypasses sensible handling, and is allowed to execute, because
>> that's what Windows does with binary program files (it executes
>> them).

Ian Malone:
> This isn't an argument for using content type rather than
> autodetection, the content type could be manipulated as part of an
> attack.

I don't agree that it's not, but you do mention yet another problem.

An example of what I meant was Windows being passed data that it says
is a MIDI file.  Windows thinks MIDI is benign, so allows it (likewise
with users that see a MIDI file, and think it's safe to double-click on
it).  But rather than palm the data off to a MIDI handling program, like
it should do, it snoops the file, finds out that it's an executable
binary, and does what it usually does - executes it.  And runs the
attack.

If, on the other hand, it behaved properly, and passed the attacking
binary onto the MIDI player, the MIDI player would have rejected the
file, and no attack would have happened.

This isn't a made-up example, by the way.  It was a very common, and
very long-lived, attack vector in HTML spam mail.  One that I used to
see, time and time again, on mailing lists that did inadequate
registration checks, and on usenet.  The usual approach was to try and
include the fake MIDI file as music that was supposed to automatically
play in the background when the message was displayed.  So all a user
had to do was read the message to be attacked.

I can't think of an example in the opposite direction (where obeying the
MIME type declaration would be an exploit).

-- 
[tim at localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.
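
Added example, not part of the original message: a minimal sketch of the dispatch behaviour the message argues for, where data declared as MIDI only ever reaches a strict MIDI parser and is rejected if it is not MIDI. All function names, the `audio/midi` type string and the sample byte strings are assumptions made for illustration.

```python
import struct

class RejectedFile(Exception):
    """The payload is not what its declared content type says it is."""

def parse_midi_header(data: bytes) -> dict:
    """Strictly validate a Standard MIDI File header chunk (MThd)."""
    if len(data) < 14 or data[:4] != b"MThd":
        raise RejectedFile("not a MIDI file: no MThd header chunk")
    length, fmt, tracks, division = struct.unpack(">IHHH", data[4:14])
    if length < 6 or fmt not in (0, 1, 2):
        raise RejectedFile("malformed MIDI header")
    return {"format": fmt, "tracks": tracks, "division": division}

# Declared type -> the only code that ever touches the bytes (hypothetical table).
HANDLERS = {"audio/midi": parse_midi_header}

def open_by_declared_type(content_type: str, data: bytes) -> dict:
    """Hand the data to the declared type's handler; never execute it."""
    media_type = content_type.split(";")[0].strip().lower()
    handler = HANDLERS.get(media_type)
    if handler is None:
        raise RejectedFile(f"no handler registered for {media_type!r}")
    return handler(data)

def sniff(data: bytes) -> str:
    """What content sniffing concludes from the leading bytes alone."""
    if data[:2] == b"MZ":        # DOS/Windows executable signature
        return "executable"
    if data[:4] == b"MThd":
        return "midi"
    return "unknown"

# Constructed sample inputs (inert bytes, not real files).
REAL_MIDI = (b"MThd" + struct.pack(">IHHH", 6, 0, 1, 96)
             + b"MTrk" + struct.pack(">I", 4) + b"\x00\xff\x2f\x00")
FAKE_MIDI = b"MZ" + b"\x00" * 62   # only an executable-style signature

def outcome(content_type: str, data: bytes) -> str:
    """Summarise what happens when the declared type is obeyed."""
    try:
        return f"played: {open_by_declared_type(content_type, data)}"
    except RejectedFile as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    for name, blob in (("real", REAL_MIDI), ("fake", FAKE_MIDI)):
        print(name, "sniffed as", sniff(blob), "->", outcome("audio/midi", blob))
```

The sniffing result is shown only for contrast: a dispatcher that acted on it would treat the second sample as a program, while the declared-type path ends in a parser error.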




