23 Nov
2005
23 Nov
'05
4:11 p.m.
KJKHyperion wrote:
Sarocet wrote:
The
programs should check it for executing a script too (or give the user
the chance to check it or not. I quote form my email "-to be compliant-" ),
as it verifies we're not doing malicious actions.
My idea was to set a file flag that stated that its file was 'clean'
(whatever clean could mean). This was restricted by the system/river
resetting it when the file changes and only allowing to set it through an
special tool that would be responsible to see if it's clean or not (could
simply say everything is clean or study them more carefully, it's up to the
implementation).
Of course something like this could be implemented without so restrictive
checking. Maybe using the +m flag. Let's suppose files without it are clean.
What then? If i tryed to make such a program using the modified flag it'd be
a mess. Some programs set it when editing. However, others not. I could get
a new (infected) file, and it could show as not dirty...
That's why i thought it interesting, as a way to have everithing controlled,
without having to virus-check always everything. Of course regularly or when
definitions update it'd expire, but i think is easy and powerful enough to
provide a not-so-insecure os.
By the way i tried to change the execution flag on windows but i couldn't.
If set the permission to Read only, i can't modify it but it executes.
I can also set it to W: and gets:
READ_CONTROL, SYNCHRONIZE, FILE_GENERIC_WRITE, FILE_WRITE_DATA,
FILE_APPEND_DATA, FILE_WRITE_EA, FILE_EXECUTE, FILE_WRITE_ATTRIBUTES, but
i'm not able to change them individually. Am i missing something? Is there
another way to modify them apart of cacls? None *.msc nor properties page
seem to do it.
I had an idea about virus propagation. As
we'll have added attribs on FS,
i'd implement the eXecution flag. No program could be run without it. If
a DLL were loaded it'd have that flag would automatically set (if
allowed).
execution already has to be granted by the file's ACL. It just happens to
be enabled by default (try disabling it to see by yourself why it cannot
be disabled without trouble)
That aplies to WSH, Java, Flash, Php, shell
scripts...
no, it doesn't. You cannot tell between opening and executing a script they're called text services, Windows supports
them since Windows XP and
the framework to run them is available for Windows 2000 too
How are they
used/programmed?
At installed services i only see Language (child> Keyboard (child> Language.
Not strange i didn't know.
GvG: "please solve the world's hunger problem and find a cure for cancer
too."
That'd be great if someone did. Even better than making a free OS windows
compatible.
And if we're not able to get that goal (yet), why not buy microsoft to free
its code?
We can't solve the world's hunger problem, but we can give a windows-like OS
to the world.
Slogan: 'Use your money to avoid world hunger instead for buying windows.'