Linked by Thom Holwerda on Wed 5th Apr 2006 17:37 UTC, submitted by Mark
Linux "In GNU/Linux, file access is restricted. Users don't necessarily have the same rights when it comes to deleting, executing or even reading files. In fact, every file contain data such as its owner, its permissions and other information which defines exactly what can be done with it, and by whom."
Thread beginning with comment 112379
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: a recommended read
by Morin on Thu 6th Apr 2006 19:30 UTC in reply to "RE[4]: a recommended read"
Morin
Member since:
2005-12-31

> But malware may have a hard time as well, if it's left without executable permissions.

Specially forged data files do not have executable permissions but execute code anyway through buffer overflow attacks.

Not all scripting interpreters require the script to have executable permissions. The script could also be embedded in a datafile.

Social engineering attacks don't have a hard time in making the user set executable permissions.

... and so on. You can of course pretend the problem doesn't exist. But you could also understand the cause of these problems, why file permissions alone *don't* handle them, and find a better solution. This doesn't mean file permissions are useless - in fact they'd probably play an important role in a proper solution. But they are not a solution to everything if taken alone.

On a side note, many "computer specialists" avoid responsibility for social engineering attacks altogether, probably with excuses such as "people shouldn't be so stupid", or "we can't solve this problem anyway", or "we aren't the right people to solve this problem", or whatever. Saying that file permissions solve the malware problem tends to lead in the same direction.

Reply Parent Score: 1