Trusted vs Untrusted MIME types

Bastien Nocera hadess at hadess.net
Fri Jul 6 16:42:11 PDT 2007


On Fri, 2007-07-06 at 11:21 -0400, Christopher Aillon wrote:
> [following up from a thread on the mozilla forums]
> 
> Boris Zbarsky wrote:
> > Christopher Aillon wrote:
> >> Are there any hooks that the fd.o stuff is specifically lacking?
> > 
> > Yes.  What's needed is a way to have separate helpers for trusted and untrusted 
> > files.  Often the same, sometimes different.
> > 
> > e-mail programs, web browsers, etc should use the untrusted versions (and 
> > possibly provide UI for the user to change them, with hooks available for apps 
> > to save these user decisions).  File managers should use the trusted versions.
> 
> Boris makes a good point.  We definitely don't want users to "open" 
> executables such as perl scripts with an interpreter as that is an easy 
> way for an attacker to do things to an unwary user's system.  We need 
> some way to discern untrusted from trusted content.
> 
> Looks like epiphany is doing this via 
> http://svn.gnome.org/viewcvs/epiphany/trunk/data/mime-types-permissions.xml?revision=7005&view=markup
> 
> I'd argue that we should consider moving this information to fd.o, 
> perhaps into s-m-i itself.  I'm not sure we need a separate XML file for 
> it, though.  Perhaps we could integrate this directly into the existing 
> XML file?

I'd be all for having this XML file's data available. Marking
untrustworthy mime-types wouldn't be that much of a problem for our
implementation (apart from the ABI breakage of the cache).

However, you need to convince the powers that be (the people working on
the mime-type spec) that it's a good idea.

It is in my opinion. Waiting for comments.

-- 
Bastien Nocera <hadess at hadess.net> 
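
The split discussed in this thread (one helper mapping for untrusted callers such as browsers and mail clients, another for trusted callers such as file managers, with a hook for saving user decisions), sketched as an added example that is not part of the original message or of any fd.o or Epiphany code. The table contents, class and method names are hypothetical, and the sample data is constructed.

```python
# Added illustration: policy table, names and API are hypothetical.
from enum import Enum


class Origin(Enum):
    TRUSTED = "trusted"      # e.g. a file manager opening a local file
    UNTRUSTED = "untrusted"  # e.g. a browser download or a mail attachment


# Constructed sample data: MIME type -> helper per origin.
# None means "no helper": offer to save the file, never open it.
HELPERS = {
    "application/pdf": {Origin.TRUSTED: "evince", Origin.UNTRUSTED: "evince"},
    "application/x-perl": {Origin.TRUSTED: "perl", Origin.UNTRUSTED: "gedit"},
    "application/x-shellscript": {Origin.TRUSTED: "sh", Origin.UNTRUSTED: None},
}


class HelperResolver:
    def __init__(self, helpers, trusted_default=None, save_choice=None):
        self._helpers = helpers
        self._trusted_default = trusted_default
        self._overrides = {}             # user decisions, untrusted only
        self._save_choice = save_choice  # hook so the app can persist them

    def set_untrusted_helper(self, mime, helper):
        """Record a user's choice; the trusted mapping is never modified."""
        mime = self._normalize(mime)
        self._overrides[mime] = helper
        if self._save_choice:
            self._save_choice(mime, helper)

    @staticmethod
    def _normalize(mime):
        # Drop parameters ("; charset=...") and compare case-insensitively.
        return mime.split(";", 1)[0].strip().lower()

    def resolve(self, mime, origin):
        mime = self._normalize(mime)
        if origin is Origin.UNTRUSTED and mime in self._overrides:
            return self._overrides[mime]
        entry = self._helpers.get(mime)
        if entry is None:
            # Unknown type: fail closed for untrusted content.
            return self._trusted_default if origin is Origin.TRUSTED else None
        return entry.get(origin)
```
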


