Steven D'Aprano wrote:
Windows doesn't understand Unix/Linux file systems, so it can't see Unix
permissions natively. However, Windows does support NTFS, which uses an
extraordinarily rich set of Access Control Lists capable of emulating
anything Unix permissions can do, and far, far more. Most people don't
use anywhere near the full set of ACLs, probably because they're quite
complicated and they're a lot of them:
Sadly the default is for 'old style' behaviour so no execute permissions
used, but they *could* be.
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
On the other hand, FAT-xx file systems don't have any security
permissions at all.
One thing that bothers me is the way LINUX seems to default to
execute-enabled on such drives (most likely USB sticks). OK, you might
want to run stuff off a CD for installing, but given the ease of viruses
in the world of Windows to propagate using either autorun or user
gullibility it would be far better if any USB drives were mounted with
the 'noexec' option. Any ideas of how to configure that?
And on the gripping hand, some Linux file systems (ext2, ext3, and
others) have "extended attributes" which go beyond the POSIX standard. I
don't know if samba uses them to correspond to NTFS ACLs, but I
understand the SELinux uses them extensively.
http://www.linux.com/feature/114027
http://wiki.linuxquestions.org/wiki/Extended_attributes
Way too much - an opportunity for folk to put *anything* in there to the
point of loosing data when it is copied to a system that can't
understand those attributes.
That's probably of academic interest only, given that most Windows users
run with full admin privileges all the time.
I do on my W2k box as so much just won't work properly otherwise, and
yes I know that is security suicide!
Final and most important point with respect to the original posting, has
CERT and/or the LINUX distributors been told of the flaw and our patch
to fix it?
_______________________________________________
Pan-users mailing list
Pan-users@nongnu.org
http://lists.nongnu.org/mailman/listinfo/pan-users
