Re: [Fed-Talk] Apple's security belly-flop
Re: [Fed-Talk] Apple's security belly-flop
- Subject: Re: [Fed-Talk] Apple's security belly-flop
- From: "Timothy J. Miller" <email@hidden>
- Date: Fri, 24 Feb 2006 16:49:30 -0600
Fairbanks, Lee (contr-ird) wrote:
The fix to the problem would be to patch Safari so that if it tried to
auto open a file thought to be "safe" by its file extension, and it
turns out to be a shell script or other executable once the metadata is
parsed, that it should not auto-execute.
No, because the user may still click on the file. Fixing Finder fixes
the underlying problem, which is a disconnect between file type
identified by magic numbers or file extensions, and the opening
application identified in file metadata.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden