[ale] palm41.dll weirdness

Geoffrey esoteric at 3times25.net
Fri Sep 24 04:22:34 EDT 2004


Robert Reese wrote:
> On 9/22/2004 at 6:08 AM Geoffrey wrote:
> 
> 
>>>Simple, really.  I run Windows and own(ed) a Palm Pilot.  This isn't the
>>>first time I've encountered this DLL (Dynamic Link Library).  ;c)
>>
>>But you're making the assumption that this file is the real thing.  Not 
>>a good thing to do.
> 
> 
> It wasn't an assumption.

Then what basis?  Did he send you the file?  Unless you physically 
inspected this file yourself, you can not say anything about its true 
contents.  You can not and should not assume that a file called 
palm41.dll on his box is the same file as one named palm41.dll on yours.

>>>Actually, I don't remember.  I think I was formulating a response when the
>>>strings reply came back.  Anyway, it doesn't matter much and here's why:
>>>Dynamic Link Libraries don't belong on Linux boxes, right?  So they
>>>obviously aren't self-executable by reckoning of the operating system.
>>
>>Wrong, any file that has the executable bit set is executable in a Unix 
>>environment.
> 
> 
> Good to know.  Perhaps, then, the first question that should have been
> asked was if the executable bit was set.  If not, what good would it do if
> it were a virus or a worm?

sh palm41.dll ???

>> It does not matter what the file name is.  You're assuming 
>>it's a dll by way of the name.
> 
> 
> It wasn't an assumption.

You've provided no other evidence to the contrary.  Without physically 
having the file, it is an assumption.

>>>Further, if you were to
>>>write a virus for *nix machines, would you use a naming convention that
>>>followed the Windows file extension of .dll?  Nor likely would any *nix
>>>virus writer I would think. ;c)
>>
>>Possibly, in order to cause folks to make that same assumption you've 
>>made, that it's a 'safe' file in a Unix environment.
> 
> 
> It wasn't an assumption.  It was, and is, a file I've had experience with
> previously.

Okay, I'm going to send you a file called bash, will you please execute 
it on your computer.  After all, I'm sure you've had experience with 
this file as well.

> 
> Additionally, unless he or she's an idiot a virus writer wouldn't put such
> a well-known windows extension on a virus as it is bound to be noticed by
> most *nix folks.  Rather, they would use a well-known file extension for
> unix, if they used one at all.
> 
> 
> Oh, by the way.... I did in fact look at the strings output before
> finalizing my response.  ;c)

According to the archives, your response was to my recommendation to run 
strings, although the date on your machine appears to be off by a couple 
of days???  Therefore the threading could well be screwed up.  Jim's 
response to my suggestion to run strings is found 5 or six threads 
later, although it too is in response to my strings suggestion. 
According to the archives, both threads and dates, you responded to my 
posting before Jim posted his strings output.

The bottom line is, it's quite foolish to assume the contents of a file 
based on its name.
-- 
Until later, Geoffrey       Registered Linux User #108567
                             AT&T Certified UNIX System Programmer - 1995
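
Added example, not part of the original message or thread: a shell sketch of the check argued for above, which classifies a file by its leading bytes and reports the executable bit instead of trusting the name. The function names and the three sample files (all named palm41.dll) are constructed for illustration.

```shell
#!/bin/sh
# Added example: judge a file by its leading bytes, not by its name.

# First four bytes of a file as lowercase hex with no separators.
magic_hex() {
    dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# What the content looks like: elf, pe-mz, script or unknown.
# "unknown" is not "safe": sh will still interpret plain text without "#!".
content_type() {
    case "$(magic_hex "$1")" in
        7f454c46) echo elf ;;     # \x7fELF, native Linux binary
        4d5a*)    echo pe-mz ;;   # "MZ", header of Windows .dll/.exe files
        2321*)    echo script ;;  # "#!", interpreter line
        *)        echo unknown ;;
    esac
}

# One line per file: name, content type, executable bit.
describe() {
    if [ -x "$1" ]; then x=yes; else x=no; fi
    echo "$(basename "$1") content=$(content_type "$1") exec=$x"
}

# Constructed samples: three files with the same name, in separate dirs.
make_samples() {
    mkdir -p "$1/pe" "$1/sh" "$1/elf"
    printf 'MZ\220\003' > "$1/pe/palm41.dll"            # MZ-style header
    printf '#!/bin/sh\necho hi\n' > "$1/sh/palm41.dll"  # shell script
    printf '\177ELF\002\001' > "$1/elf/palm41.dll"      # ELF magic only
    chmod 644 "$1/pe/palm41.dll" "$1/sh/palm41.dll"
    chmod 755 "$1/elf/palm41.dll"
}

# Demo: same name three times, three different contents.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*/palm41.dll; do
    describe "$f"
done
rm -rf "$tmp"
```

The script sample is reported with exec=no, which is the `sh palm41.dll` case from the thread: a cleared executable bit does not stop an interpreter from being pointed at the file.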
