vulnerability using spaces in file name

manuel
Posts: 426
Joined: Thu Jan 28, 2010 11:20 pm
Location: México
Contact:

vulnerability using spaces in file name

Post by manuel »

Hi:

In Windows 7, in the file Explorer in report mode (view), if the file name contains many blank spaces, for example

"myfile                                                        txt.exe"

Windows only displays the section myfile followed by some dots and does not show the extension (neither txt nor exe is shown). This can enable an attack: the file can be dressed up with a text icon to make you believe that it's a genuine text file when in reality it is an executable (that could be spread maliciously through some routine).

This exists in ReactOS (file explorer in report mode). I suggest that if the file name contains many blank spaces, keep a pointer to the actual name of the file (to run it if necessary), but the ReactOS Explorer removes those blank spaces and displays the real file name, for example "myfile.txt.exe", so the user is not a hoax victim. Greetings.
erkinalp
Posts: 861
Joined: Sat Dec 20, 2008 5:55 pm
Location: Izmir, TR

Re: vulnerability using spaces in file name

Post by erkinalp »

We have the extension shown by default in GNOME and other DEs for Unix; might changing the default settings so that it always shows the extension be a solution?
-uses Ubuntu+GNOME 3 GNU/Linux
-likes Free (as in freedom) and Open Source Detergents
-favors open source of Windows 10 under GPL2
manuel
Posts: 426
Joined: Thu Jan 28, 2010 11:20 pm
Location: México
Contact:

Re: vulnerability using spaces in file name

Post by manuel »

changing the default settings so that it always shows the extension be a solution?
Yes, it is a solution, but if the file name is very, very long and contains many space characters, ReactOS does not show the extension. Then the problem mentioned exists. Greetings.
Forever Winter
Posts: 131
Joined: Sun Oct 20, 2013 6:50 am

Re: vulnerability using spaces in file name

Post by Forever Winter »

I don't know exactly, but shouldn't Windows 7 show by default a column that displays the file type in report view?
manuel
Posts: 426
Joined: Thu Jan 28, 2010 11:20 pm
Location: México
Contact:

Re: vulnerability using spaces in file name

Post by manuel »

The column exists and is practical, but I mention this problem because perhaps the user accidentally does not see that it is an application, not a text file, and runs it. My intention is to strengthen the security of ReactOS a little :)
milon
Posts: 969
Joined: Sat Sep 05, 2009 9:26 pm

Re: vulnerability using spaces in file name

Post by milon »

On that topic, I just came across a 6-part article on the history and present state of OS security, and it was a really good read. The author addresses several points, including hiding file extensions and the problems that can arise from that. If anyone is interested:
Part 1 - http://infosecisland.com/blogview/15034 ... urity.html
Part 2 - http://infosecisland.com/blogview/15068 ... ustry.html
Part 3 - http://infosecisland.com/blogview/15106 ... ustry.html
Part 4 - http://infosecisland.com/blogview/15159 ... -Ever.html --> This one addresses hidden file extensions
Part 5 - http://infosecisland.com/blogview/15196 ... eeted.html
Part 6 - http://www.infosecisland.com/blogview/1 ... oblem.html
Forever Winter
Posts: 131
Joined: Sun Oct 20, 2013 6:50 am

Re: vulnerability using spaces in file name

Post by Forever Winter »

I agree that in such cases it won't save the user from such programs.
The problem with cutting out spaces is that it may lead to user confusion, because the information shown by the explorer is actually different from what is stored on disk.
And if the file extensions are hidden, the user finally has the same problem. At least for downloads and mail attachments, the more robust solution in my opinion is that the browser or mail client sets the file's ACL entry for executing to deny the operation. If the file is really a picture, it is viewed as expected; if it is a program, the user gets a message.
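
An added example (not code from the thread or from ReactOS) of the two ideas discussed above: keep the real name for execution while showing a label with the space padding collapsed, and flag padded names whose final extension is executable. The extension list, the 8-character padding threshold and the column model are assumptions.

```python
import ntpath
import re

# Assumptions for this sketch (not from the thread): which extensions count as
# directly runnable, and how long a whitespace run must be to count as padding.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
MIN_PAD_RUN = 8
_PAD = re.compile(r"\s{%d,}" % MIN_PAD_RUN)

def final_extension(name):
    """Extension the shell would act on: the last one, lower-cased.
    Trailing spaces and dots are dropped first, as Win32 path handling does."""
    return ntpath.splitext(name.rstrip(" ."))[1].lower()

def display_name(name):
    """Collapse every padding run to one space so the tail stays visible.
    The on-disk name is left untouched; only the label changes."""
    return _PAD.sub(" ", name)

def column_view(name, width=24):
    """Simplified model of a narrow report-view column: cut and add dots."""
    return name if len(name) <= width else name[: width - 3] + "..."

def inspect_name(name):
    """Classify one file name as a list view or mail gateway might."""
    ext = final_extension(name)
    padded = _PAD.search(name) is not None
    return {
        "real": name,                      # still used to open or run the file
        "display": display_name(name),     # what the user is shown
        "extension": ext,
        "padded": padded,
        "label_differs": display_name(name) != name,  # worth marking in the UI
        "suspicious": padded and ext in EXECUTABLE_EXTS,
    }

# Constructed sample names; the first follows the pattern quoted in the thread.
SAMPLES = [
    "myfile" + " " * 56 + "txt.exe",
    "notes.txt",
    "quarterly report 2014.txt",
    "setup.exe",
]

if __name__ == "__main__":
    for n in SAMPLES:
        r = inspect_name(n)
        print(column_view(n).ljust(26), "->", r["display"], r["extension"], r["suspicious"])
```

The `label_differs` field covers the objection that the shown name no longer matches what is stored on disk: a shell can use it to mark such entries instead of silently rewriting them.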