From: John Ames
Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc
Subject: Re: What Thinkest Thou Of LO Donate Banner?
Date: Mon, 24 Nov 2025 09:26:00 -0800
Organization: A noiseless patient Spider
Message-ID: <20251124092600.00001815@gmail.com>

On Sun, 23 Nov 2025 03:19:35 -0000 (UTC)
Gremlin wrote:

> >> You can't depend on a file's extension to actually be what the file
> >> is.
> >
> > Once upon a time you could, in MS-land, but Win95 and Windows
> > Explorer hopelessly muddied the waters on this in trying to make
> > file-type handling semi-transparent :/
>
> Hmm. I don't remember a time in MS days from DOS to Windows that the
> file extension could absolutely be trusted. Even under the days of
> DOS, the extension didn't really matter if you did this:
> HITHERE.TXT for the example is really an .exe file.
>
> ; Assume a command string "HITHERE.TXT" is in memory
> ; and a valid parameter block is also set up.
>
> MOV AH, 4Bh ; EXEC - Execute Program
> MOV AL, 00h ; Load and execute
> MOV DX, OFFSET command_string ; DS:DX points to command string
> MOV BX, OFFSET param_block ; ES:BX points to parameter block
> INT 21h
>
> You couldn't type hithere.txt from a command prompt and it execute,
> sure. But, you could do something like the above in asm/another
> language of choice and it would, if it was an executable.

Interesting - I'm curious how common that actually was back in the day,
though? I don't recall a lot of DOS applications that I used chaining
from one EXE to another, unless you were really into launcher-menu type
utilities; most of what I remember was single EXEs for the main program
plus accessory EXEs for configuration (i.e. the inevitable SOUNDSET.EXE
and its ilk,) and transfer of control was usually mediated by a *.BAT
launcher script.

(Although if COMMAND.COM invokes that mechanism itself in interpreting
batch scripts, that'd certainly leave it vulnerable; no idea if that's
the case or not.)

> If it starts with MZ for example, you should be scanning it - because
> that's a well known marker for an executable file. Just as an
> example. .com files were a little trickier because they didn't
> officially have a header.

Yeah, it certainly doesn't hurt to sniff for a valid header if you're
already looking at the file.

> Windows95 and above encouraged users to trust the file extension.
> That the extension was what the file really was. This resulted in
> some people being a little cheeky and having a bit of fun with it. such
> as openme.txt.exe. You'd see openme.txt and not the actual extension.
> So one double click for many users later and you might have had
> yourself a problem. In order to see the actual extension, you would
> have to turn hide extensions (the default setting) off.

Yes - this was an absolute misfeature in Win9x, and one that was pretty
plainly a "look, we can *so* be MacOS!" on MS's part to boot. Caused no
*end* of shenanigans over the years, it has... :/
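
The two checks discussed in this thread (sniffing for an MZ header regardless of extension, and spotting names like openme.txt.exe), as an added example that is not part of the original post. The function names and both extension lists are assumptions chosen for illustration, and the sample bytes are constructed.

```python
import struct
from pathlib import PurePath
from typing import List, Optional

EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".dll"}  # assumed, not exhaustive
DOC_EXTS = {".txt", ".doc", ".jpg", ".pdf"}           # assumed harmless-looking set

def sniff_executable(data: bytes) -> Optional[str]:
    """Classify by header bytes only: 'PE', 'MZ' (DOS-style) or None."""
    if data[:2] != b"MZ":
        return None
    if len(data) >= 0x40:
        # e_lfanew (offset 0x3C) points at "PE\0\0" in Windows executables.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            return "PE"
    return "MZ"

def check_file(name: str, data: bytes) -> List[str]:
    """Return findings where the name and the content disagree."""
    findings = []
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    final = suffixes[-1] if suffixes else ""
    kind = sniff_executable(data)
    if kind and final not in EXEC_EXTS:
        findings.append(f"content is {kind} executable but extension is "
                        f"{final or '(none)'}")
    if len(suffixes) >= 2 and final in EXEC_EXTS and suffixes[-2] in DOC_EXTS:
        shown = name[:-len(final)]
        findings.append(f"double extension: shown as {shown} when "
                        "extensions are hidden")
    if final == ".com" and kind is None:
        # .com images are raw code with no header, so sniffing proves nothing.
        findings.append(".com file has no header to verify")
    return findings

# Constructed sample inputs (not real binaries).
DOS_MZ = b"MZ" + b"\0" * 62
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    for fname, blob in [("HITHERE.TXT", DOS_MZ), ("openme.txt.exe", PE_STUB),
                        ("notes.txt", b"hello"), ("game.com", b"\xe9\x00\x01")]:
        print(fname, check_file(fname, blob))
```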