04-04-2024, 06:36 PM
|
#73
|
Wizard
Posts: 1,804
Karma: 13416548
Join Date: Nov 2010
Device: Kobo Clara HD, iPad Pro 10", iPhone 15 Pro
|
Quote:
Originally Posted by Quoth
A file extension might be poor to decide which program to run, but it's not an inherent security risk.
|
https://en.wikipedia.org/wiki/Filena...ecurity_issues
Quote:
There have been instances of malware crafted to exploit vulnerabilities in some Windows applications which could cause a stack-based buffer overflow when opening a file with an overly long, unhandled filename extension.
...
When trying to identify a file for security reasons, it is therefore considered dangerous to rely on the extension alone and a proper analysis of the content of the file is preferred. For example, on UNIX-like systems, it is not uncommon to find files with no extensions at all, as commands such as file are meant to be used instead, and will read the file's header to determine its content.
|
|
|
|