Am 26.05.2011, 22:33 Uhr, schrieb Boris Zbarsky <bzbar...@mit.edu>:
On 5/26/11 3:12 PM, Dennis Joachimsthaler wrote:
Oh I see the problem... Is it the bang? #!/bin/perl #!/bin/python
#!/bin/bash
could very well result in the text file being executed in one of those
interpreters,
right?
Yes, but even worse on some systems a .pl file will just handed over to
the registered handler for those (often a Perl interpreter) if you try
to "open" it (which is a different operation from "execute" and can be
done even on files that are not executable; think double-clicking the
file in a file manager).
-Boris
Ah, I see. So the people using the GUI are in the gutter? Which are
also the people that are inexperienced and would be prone to such attacks.
Damn.
Though I think it still would happen rarely that a pl file gets downloaded.
I mean who on the most popular system, Windows, has a Perl interpreter
installed?
- Dennis Joachimsthaler
