1

Isn't ignoring the extension of a file a security risk? A .pdf file could perfectly be a batch file, couldn't it? Or a .txt could be a .pdf (with embedded js). The possibilities seem infinite here.

The problem is not that Linux picks the wrong program to run a file. I am aware of how linux knows the type of fileand how file extensions and association with programs work in linux. However, doesn't this make it easy for an attacker to easily trick a user to run the wrong type of file?

Community
  • 1
Quora Feans
  • 3,866
  • To run a wrong what how? Do you have something more specific than "infinite possibilities"? – thrig Mar 01 '17 at 20:15
  • The user decides what to do with a file. If they think it's a PDF file, they'll load it into a PDF reader application, not try to run it as a script. Are you talking about how a GUI decides what to do if you double-click on the file? – Barmar Mar 01 '17 at 20:31
  • 1
    Since Windows allows hiding known file extensions (and has the option activated in vanilla), relying on them is much more dangerous: the user sees a B.txt file that actually is a B.txt.exe and is far easier tricked into executing it. Apart from that the standard files, that are used for transferring information (i.e. text or pictures) are not executed on their own but rather interpreted by a program (reader, etc.). So I'd assume that in contrast to your thesis ignoring the extension is actually more secure as it raises the user's awareness, which is the most fundamental security issue. – FelixJN Mar 01 '17 at 20:44

2 Answers2

1

There are multiple contexts for how a file might be "run."

The first is if you ask the kernel to run a program using the execve() system call. This is where the file's execute permission comes into play; if the execute permission bit is not set, the file cannot be run as a program in this way.

The second is using some other special shell, such as Unity, Plasma or Nautilus. These shells will usually run the file program to examine the file and retrieve a MIME type--a statement of what type of file it is and provide a visual indicator. If asked to open the file, they'll usually call xdg-open, which will--again--run file on the file, and then look up what the system is configured to do with that type of file, what programs are available to open it, etc.

There is one special, interesting case. Much like Windows' ".lnk" shortcut files, Linux has ".desktop" files. These files contain instructions on what the file's icon should look like, what should be done when the file is run, etc.

Michael Mol
  • 927
0

The execute bit is the usual protection from this attack. Programs that download files are always supposed to remove the execute bit from them, and files that don't have the execute bit set aren't supposed to be able to do anything dangerous. See https://wiki.ubuntu.com/Security/ExecutableBit for details (at least on Ubuntu).

Joseph Sible-Reinstate Monica
  • 3,323