LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 12-28-2010, 10:17 PM   #1
elishac
Member
 
Registered: Nov 2009
Posts: 522

Rep: Reputation: 33
extension


hello,

I am a Linux newbie and I have a question:
from what I've understood, unlike in Windows, there are no file extensions in Linux, and the OS opens the default program according to the header it reads at the beginning. Am I right?
If so, doesn't this raise a security concern? Can't a user be misled by the name of the file (if it ends in .mp3 for example) and think he's opening a music file when instead he's executing malware? If I'm not mistaken, this wouldn't happen in Windows because Windows would try to open it with the default mp3 viewer, which would fail and no code would be executed.
I have heard of malware that was hidden within jpeg files. Is that true, and how does this work?


then again, I'm not an expert so please be indulgent if I'm just saying nonsense and try to explain it pedagogically.

thanks.
 
Old 12-29-2010, 02:18 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1984
Well there are extensions for many files, but they are purely conventional, and are very seldom used at the OS level. Within apps like gimp, openoffice etc, then files get filtered on suffixes, but again this is more a convention. You suggest this is a negative thing, but isn't it vastly more open to abuse the other way round? Making a file operate in a different way based on its name sounds really dubious to me. I'd think it much saner to execute a file in this or that way because that is what the file actually is, rather than a nominal 3 character suffix.

In terms of how you see things as a risk there's a few different use cases which affect this. Firstly from a console perspective, you never run data files, only executables. There is no application association or anything there. As such you would not be in any doubt that what you're running is a program, not an mp3. The other side is the whole windowsy double clicking on a file, and in that context the mime types of the files are, amongst other things, used to display a suitable icon for the contents of the file. So in Gnome an mp3 file shows up as a musical note, whereas an executable called runme.mp3 will show up as a script, or binary executable icon, and not a note. So there you're covered fine too really.

Last edited by acid_kewpie; 12-29-2010 at 02:29 AM.
 
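The point made in the post above, that the bytes at the start of a file decide what it is while the suffix is only a label, can be checked directly. The following Python script is an added example and is not from the thread or any LQ member: it sniffs a few well-known magic byte sequences, compares the result with what the suffix claims, and also reports whether the execute bit is set, because a shell script or ELF binary named runme.mp3 only runs when invoked directly if it is also chmod +x. The sample files it writes into a temporary directory are constructed for the demonstration; the format table is deliberately small and is no substitute for file(1)/libmagic.

```python
"""Tell what a file is from its leading bytes and flag a suffix that lies.

Added example for the thread above, not code from LinuxQuestions.org or any
poster. The magic table is intentionally tiny; real tools use libmagic.
"""
import os
import stat
import tempfile

# Leading bytes -> content kind. Order matters: more specific patterns first.
MAGIC = [
    (b"\x7fELF", "elf"),
    (b"#!", "script"),               # interpreter line of a script
    (b"ID3", "mp3"),                 # ID3v2 tag ahead of the audio frames
    (b"\xff\xfb", "mp3"),            # bare MPEG-1 Layer III frame sync
    (b"\xff\xfa", "mp3"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
]

# What a suffix claims the content to be.
SUFFIX_KIND = {
    ".mp3": "mp3", ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
    ".pdf": "pdf", ".zip": "zip", ".sh": "script", ".txt": "text",
}

EXECUTABLE_KINDS = {"elf", "script"}


def sniff(head: bytes) -> str:
    """Return the kind implied by the first bytes; 'text' for plain ASCII, else 'unknown'."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if head and all(32 <= b < 127 or b in b"\t\r\n" for b in head):
        return "text"
    return "unknown"


def audit(path: str) -> dict:
    """Compare the suffix's claim with the bytes and note whether the file is +x."""
    with open(path, "rb") as fh:
        head = fh.read(512)
    claimed = SUFFIX_KIND.get(os.path.splitext(path)[1].lower(), "unknown")
    actual = sniff(head)
    mode = os.stat(path).st_mode
    executable = bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    mismatch = claimed != "unknown" and claimed != actual
    return {
        "claimed": claimed,
        "actual": actual,
        "executable": executable,
        "mismatch": mismatch,
        # Only a program that also carries the execute bit runs when invoked directly.
        "runnable_disguise": mismatch and actual in EXECUTABLE_KINDS and executable,
    }


# Constructed sample files: name -> (leading bytes, chmod +x?)
SAMPLES = {
    "song.mp3": (b"ID3\x04\x00\x00" + b"\x00" * 10, False),         # honest audio
    "photo.jpg": (b"\xff\xd8\xff\xe0" + b"\x00" * 16, False),       # honest JPEG
    "runme.mp3": (b"#!/bin/sh\necho not a song\n", True),           # the case from the thread
    "holiday.jpg": (b"\x7fELF\x02\x01\x01" + b"\x00" * 16, False),  # ELF header, no +x
}


def demo() -> dict:
    """Write the samples to a temporary directory, audit each, return {name: report}."""
    reports = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (payload, make_executable) in SAMPLES.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(payload)
            if make_executable:
                os.chmod(path, 0o755)
            reports[name] = audit(path)
    return reports


if __name__ == "__main__":
    for name, rep in demo().items():
        verdict = ("DISGUISED EXECUTABLE" if rep["runnable_disguise"]
                   else "mismatch" if rep["mismatch"] else "ok")
        print(f"{name:12} claims {rep['claimed']:7} is {rep['actual']:7} {verdict}")
```

The two mismatches come out differently on purpose: runme.mp3 is a script with the execute bit, so a desktop that honours +x on double-click (or a user typing ./runme.mp3) would run it, while holiday.jpg carries an ELF header but no execute bit and is a curiosity rather than something that executes by being opened.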
Old 12-29-2010, 10:46 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599
Quote:
Originally Posted by elishac View Post
Can't a user be mislead by the name of the file
...in addition to what's been said it would be easier to fool a user with a process name: try for instance running '/bin/doexec /bin/sleep "/bin/apache2 -DSSL" 1m;' then check with 'ps axf' for a process named "sleep" and you'll only find "/bin/apache2 -DSSL 1m" (however not the more experienced user, as running 'readlink -f /proc/`pgrep -f apache2`/exe' or 'lsof -Pwlnp `pgrep -f apache2`' should show it's /bin/sleep).


Quote:
Originally Posted by elishac View Post
I have heard of malwares that were hidden within jpeg files.
We're not the type of site that will show you examples of malware, help you "crack" things or circumvent DRM. That said, generally speaking flaws can be exploited for instance when an application interprets something in a different way than it should. This can range from making the kernel go bonkers remotely (2006: Linux SCTP conntrack) to crashing an application due to it parsing an MP3 the wrong way (2008: Xine-lib MP3 metadata). But while these problems are serious and are fixed as quickly as possible there are products that due to their closed-source nature, adoption rate or just for being a standard provide ways to embed malware. For a nice roundup see for instance the 2010 SANS PDF Malware Overview and the Malwaretracker PDF Current Threats listing. What's worse is that such an application might provide "features" that allow one to legitimately perform any actions (Seclabs Actions 2.0 in PDF) embedded in a PDF like for instance executing commands (2010: Didier Stevens Escape From PDF). What I'm saying is that it's not only "obvious" malware that may be a threat...
 
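The argv[0] trick in the post above, and the /proc-based check that exposes it, as an added example in Python (not from the thread or any LQ member). argv0_mismatch() takes the two things a responder reads from /proc/PID, the NUL-separated cmdline and the readlink() target of exe, and reports whether the displayed name and the real binary disagree; demo() reproduces the doexec command with subprocess.Popen, whose executable= argument sets the program that actually runs while args[0] sets the displayed argv[0], and then runs the check on the live process. demo() assumes a Linux /proc and a sleep binary on PATH; the cmdline values in the comments are constructed for illustration.

```python
"""Check a process's displayed name against the binary it really runs.

Added example for the thread above, not code from LinuxQuestions.org or any
poster. argv0_mismatch() is the check; demo() reproduces the doexec trick
with subprocess and needs a Linux /proc plus a `sleep` binary on PATH.
"""
import os
import shutil
import subprocess

DELETED = " (deleted)"   # suffix the kernel appends to /proc/PID/exe for an unlinked binary


def argv0_mismatch(cmdline: bytes, exe_target: str) -> dict:
    """Compare what ps shows (argv[0]) with what the kernel is executing.

    cmdline    -- raw /proc/PID/cmdline, argv strings joined by NUL,
                  e.g. b"/bin/apache2 -DSSL\\x001m\\x00" (constructed)
    exe_target -- os.readlink('/proc/PID/exe'), e.g. "/usr/bin/sleep"
    """
    argv0 = cmdline.split(b"\x00")[0].decode(errors="replace")
    deleted = exe_target.endswith(DELETED)
    real = exe_target[: -len(DELETED)] if deleted else exe_target
    # argv[0] can be any string; in the doexec example it is "/bin/apache2 -DSSL",
    # so take the first whitespace-separated token and compare basenames.
    tokens = argv0.split()
    shown = os.path.basename(tokens[0]) if tokens else ""
    return {
        "shown_name": argv0,
        "real_exe": real,
        "exe_deleted": deleted,
        "mismatch": shown != os.path.basename(real),
    }


def demo() -> dict:
    """Run sleep under the name '/bin/apache2 -DSSL', then inspect it through /proc."""
    sleep = shutil.which("sleep")
    if sleep is None or not os.path.isdir("/proc/self"):
        raise RuntimeError("demo needs a Linux /proc and a sleep binary")
    # Same effect as: doexec /bin/sleep "/bin/apache2 -DSSL" 1m
    # executable= is the program that runs; args[0] is only what ps displays.
    proc = subprocess.Popen(["/bin/apache2 -DSSL", "1m"], executable=sleep)
    try:
        with open(f"/proc/{proc.pid}/cmdline", "rb") as fh:
            cmdline = fh.read()
        exe_target = os.readlink(f"/proc/{proc.pid}/exe")
    finally:
        proc.kill()
        proc.wait()
    report = argv0_mismatch(cmdline, exe_target)
    report.update(pid=proc.pid, cmdline=cmdline)
    return report


if __name__ == "__main__":
    rep = demo()
    print(f"pid {rep['pid']}: ps shows {rep['shown_name']!r}, exe is {rep['real_exe']}")
    print("argv[0] lies about the binary" if rep["mismatch"] else "names agree")
```

A mismatch is a lead rather than proof: interpreters reached through symlinks (python3 resolving to python3.11) and multi-call binaries such as busybox also report a different basename, so the output is something to triage, not an alert in itself. The " (deleted)" suffix is kept as its own flag because a running process whose executable has been unlinked from disk is worth a look on its own, whatever argv[0] says.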