From: Philippe Verdy (verdy_p@wanadoo.fr)
Date: Wed Nov 02 2005 - 22:40:39 CST
From: "Marc Bruguières" <marcbruguieres@ifrance.com>
> Elliotte Harold:
>> Paul Battley found an issue involving Unicode characters that look like
>> periods used to disguise executables on Mac OS X:
>> http://po-ru.com/articles/osx-trojan/
>> I think if I were Apple I'd probably just ban these characters in file
>> names.
>
> Which characters? Different from those that ICANN will want to ban? How
> many ways of plugging the holes? Shouldtn't his be solved *as much as
> possible* in Unicode, rather looks like there are more and more
> confusables being encoded (for example Ancient Greek Musical Signs,
> Arabic diacritics, etc.).
For Apple, it is simple to solve: it must just signal along with all icons,
if this is really a safe thumbnail, or if it is a runnable bundled
application (a directory with a hidden ".add" extension, or with a
executable resource fork). I think that any email agent for Mac should
perform this check without problem, including Safari and Firefox (and I'm
quite sure that a patch is available if there are old versions that still
don't have it).
So Apple does not need to ban this character from filenames even if this
disguises an apparently inoccuous extension like ".jpg", with a pseudo-dot,
and even if files have multiple extension with regular ASCII dots (there are
many of such files on Mac, if you just consider the case where version
numbers or dates and other numbers or abbreviations and people names are
often present in explicit names).
This archive was generated by hypermail 2.1.5 : Wed Nov 02 2005 - 22:43:24 CST