[
Lists Home |
Date Index |
Thread Index
]
Rick Jelliffe wrote:
> This was a new thing to me: a file being a kind of DoS just by
> being placed in a directory and not even executed.
The good old Acorn Archimedes systems that were popular in schools in
the UK in the 90s had a (in retrospect) very bad design decision made.
The filesystem allowed you to have "compound files", through a simple
convention. If a directory's name began with an ! symbol, then the
semantics of double clicking it etc. were handled by executing a file
called !Run inside that directory. This was how applications generally
worked - all the resources, data files, and so on lived within the
application directory along with the executable. !Run was often a script
that set up environment variables and so on, then called the real
executable.
However, within a !-directory there could also be a !Boot file. This
(uhoh) was executed whenever the directory was 'seen' in the file
managed for the first time, and it had responsiblity for things like
informing the OS of an icon to use for the directory instead of the default.
Needless to say, this was heavily abused - one could write a fully
functional virus in interpreted BASIC, which would save a copy of itself
into application directories and shove a reference to the saved copy
inside !Boot, so even viewing the application's icon by opening the
enclosing directory caused the virus to load.
> What a state we have arrived at, when operating system
> need anti-virus software which can cause this kind of headache.
Yes. Viruses (in the strict sense, not *worms* like these email things)
can only really exist in operating systems where users routinely have
write access to the executables they execute...
> Cheers
> Rick Jelliffe
ABS
|
