Re: Use Cases and Requirements for Saving Files Securely

2009/11/12 Jonas Sicking <jonas@sicking.cc>:
> 2009/11/12 Ian Fette (イアンフェッティ) <ifette@google.com>:
>> This is really getting into fantasy-land... Writing a file and hoping that
>> the user actually opens up explorer/finder/whatever and browses to some
>> folder deep within the profile directory, and then double clicks something?
>> Telling a user "click here and run blah to get a pony" is so much easier.
>
> So first off that only addresses one of the two attacks I listed.
>
> But even that case I don't think is that fantasy-y. The whole point of
> writing actual files is so that users can interact with the files,
> right? In doing so they'll be just a double-click away from running
> arbitrary malicious code. No warning dialogs or anything. Instead the
> attacker has a range of social engineering opportunities using file
> icon and name so as to make double-clicking the file inviting.
>
> Like I said, I think this might be possible to work around in the
> implementation by making sure to neuter all executable files before
> they go to disk.

Keep in mind that some users interact with their file systems via
search, not browse.  For example, if I use Quicksilver or Spotlight to
launch skype.exe (sorry for mixing platforms), I might easily launch
the skype.exe buried in my profile instead of the one in Program
Files.

Adam

Received on Thursday, 12 November 2009 10:18:54 UTC