Barton L. Phillips a écrit : > Of course under Windows a .pl may well be linked to perl and therefore > be executable without having to do a chmod (which of course Windows > doesn't understand). However, in general I have no problem with either > in-lining or attaching script code. >
I don't see much benefit in "linking" .pl to perl, as this means you double click and the script runs (I am not talking about email here, but of general windows use). In many cases, perl scripts need arguments. so running them by double click is at least useless, and at worst harmful. I rather link .pl to an editor! if you need to run a perl script via double click, a .bat (or a perl script with a specific extension linked to perl if you prefer) would allow you to specify command line arguments. > Executables, on the other hand are a different story. For one, I and, I > expect others, have software running (like mimedefang) that will reject > attached executables. If one really needs to post an executable it > would, IMHO, be better to do so via a web page. > yes. I would include .vbs, even if these are scripts. There is a minimal list of extensions that have nothing to do in email (who needs a .pif nowadays? and in the rare cases it is needed, it can be sent using a different method or different "encoding"). now, as the .wmf story showed, you can't trust the extension. you still need to look at the magic header. This is fortunately feasible with mimedefang, amavisd-new, renattach, ripmime, ... etc. > As I use Linux I don't have much of a problem with attached .exe or .com > files etc. I NEVER read my mail on any of my Windows machines, and I > restrict my web browsing to only very well trusted sites and then only > when I can't use Linux or Firefox because the sites are so Windows only > designed. > The problem is mostly with outlook (even if it can be configured to not auto run executables, it had vulnerabilities that made it run some actions without the user "opening" the mail!).
