OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Can A Web Site Be Reliably Defended Against DoS Attacks?

[ Lists Home | Date Index | Thread Index ]

Rick Jelliffe wrote:

> This was a new thing to me: a file being a kind of DoS just by
> being placed in a directory and not even executed.

The good old Acorn Archimedes systems that were popular in schools in 
the UK in the 90s had a (in retrospect) very bad design decision made.

The filesystem allowed you to have "compound files", through a simple 
convention. If a directory's name began with an ! symbol, then the 
semantics of double clicking it etc. were handled by executing a file 
called !Run inside that directory. This was how applications generally 
worked - all the resources, data files, and so on lived within the 
application directory along with the executable. !Run was often a script 
that set up environment variables and so on, then called the real 

However, within a !-directory there could also be a !Boot file. This 
(uhoh) was executed whenever the directory was 'seen' in the file 
managed for the first time, and it had responsiblity for things like 
informing the OS of an icon to use for the directory instead of the default.

Needless to say, this was heavily abused - one could write a fully 
functional virus in interpreted BASIC, which would save a copy of itself 
into application directories and shove a reference to the saved copy 
inside !Boot, so even viewing the application's icon by opening the 
enclosing directory caused the virus to load.

> What a state we have arrived at, when operating system
> need anti-virus software which can cause this kind of headache.

Yes. Viruses (in the strict sense, not *worms* like these email things) 
can only really exist in operating systems where users routinely have 
write access to the executables they execute...

> Cheers
> Rick Jelliffe



News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS