Auto File-Extension addition

Yash Khosla ykhosla at uwo.ca
Mon Apr 3 23:47:51 UTC 2017


Hello,


I had the following concern. It's not typically a bug or a flaw but I would still like to bring it to your notice because for me, it is a bit worrying.


Here's the scenario: I have a bin file which Ubuntu (14.04 and 16.04) can run. If I make a symlink for that file and name it either 'readme', 'authors' or 'CHANGELOG', I get an icon which depicts a text file. Also, when I check the properties of this file, it says it is linked to a text document.


The worrying part here is that one could actually have a malicious bin file and he could hide it by adding a '.' at the beginning of the filename, then make a symlink and name it 'readme' or 'authors', tar/zip it, and send it to anyone. Since the victim sees a text icon and the properties of the file say it's linked to a text document, I believe the victim would open it expecting a text file to open. But instead the malicious script could run in the background and cause damage to the system.


What do you think about this? Shouldn't this assumption of the nature of the file based on the filename be abandoned?


Regards,

Yash Khosla
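
A defender-side check for the scenario in the message, as an added example that is not part of the original post: it inspects a tar archive without extracting it and flags symlinks named like the documents mentioned (readme, authors, CHANGELOG) whose target is hidden, executable, or not in the archive. The function names, reason strings and sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

# File names the post reports as being shown with a text-document icon.
DOC_NAMES = {"readme", "authors", "changelog"}


def suspicious_links(tar_bytes):
    """Inspect (never extract) a tar archive; return (link, target, reasons)."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        members = {posixpath.normpath(m.name): m for m in tar.getmembers()}
        for name, m in members.items():
            if not m.issym() or posixpath.basename(name).lower() not in DOC_NAMES:
                continue
            # Resolve the link target relative to the link's own directory.
            target = posixpath.normpath(
                posixpath.join(posixpath.dirname(name), m.linkname))
            reasons = []
            if posixpath.basename(target).startswith("."):
                reasons.append("hidden target")
            dest = members.get(target)
            if dest is None:
                reasons.append("target not in archive")
            elif dest.isfile() and dest.mode & 0o111:
                reasons.append("executable target")
            if reasons:
                findings.append((name, target, reasons))
    return findings


def build_sample():
    """Constructed sample: hidden executable, README symlink to it, plain AUTHORS."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, mode, data=b"", link=None):
            info = tarfile.TarInfo(name)
            info.mode, info.size = mode, len(data)
            if link is not None:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info, io.BytesIO(data))
        add("pkg/.helper", 0o755, b"constructed placeholder bytes\n")
        add("pkg/README", 0o777, link=".helper")
        add("pkg/AUTHORS", 0o644, b"Jane Doe\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(suspicious_links(build_sample()))
```
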


More information about the Ubuntu-devel-discuss mailing list