Re: Web based email issues
From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: Mon, 15 Sep 2003 18:22:21 -0400
In article <MPG.firstname.lastname@example.org>,
> In article <MPG.email@example.com>,
> colonel_flagg@NOSOUPFORJ00internetwarzone.org says...
> > In article <MPG.firstname.lastname@example.org>,
> > email@example.com says...
> > > A file with JPG or GIF will not be executed on ANY OS, but there are
> > > helper applications that MAY launch if you click on one.
> > I believe I would rethink the above or perhaps do a little more research
> > before making such a broad statement.
> As a GIF and JPG are image files, are not executable files on any OS
> that I know of, please feel free to tell us how a GIF or JPG can be
> executed without the aid of a helper application.
"that I know of" is the key element.
Your statement is very broad by saying "any" OS. The filename extension
doesn't determine whether it's executable or not in *nix. just about
_any_ file may be set executable in a unix-like system.
I would suspect your statement is the result from a lack of experience
in a unix-like environment. If you have access to a unix box where
you're free to "test" things, simply:
# touch filename.jpg
# ls -al filename.jpg
-rw-r--r-- 1 flagg 4077 0 Sep 15 19:41 filename.jpg
notice the above -rw-r--r--
read here for an explanation of unix file permissions:
# chmod 700 filename.jpg
# ls -al filename.jpg
-rwx------ 1 flagg 4077 0 Sep 15 19:41 filename.jpg
now notice the -rwx------
whereas "x" == "executable". see above URL.
Also, stating it isn't executable doesn't resolve the possibility of a
.jpg containing malicious code, I believe elsewhere in this thread,
someone posted a link to bugtraq reports of jpgs and how browsers on
Microsoft Operating Systems mishandling them. True, they need a third
party product to mishandle the code, however, the jpg not being
executable has nothing to do whether they can cause harm or not, simply
opening the file in it's associated program *could* cause ill affects.
.jpg's and .gif's, once thought to be safe, haven't been for a number of
-- Colonel Flagg http://www.internetwarzone.org/ Privacy at a click: http://www.cotse.net Q: How many Bill Gates does it take to change a lightbulb? A: None, he just defines Darkness? as the new industry standard..." "...I see stupid people."