Trusted vs Unstrusted MIME types

Rodney Dawes dobey.pwns at gmail.com
Sat Jul 7 08:03:59 PDT 2007


On Sat, 2007-07-07 at 09:53 +0000, Thomas Leonard wrote:
> How can a type be "safe" or "unsafe"? Safeness depends on the application.
> E.g. a python script is safe if you open it with a text editor, but not if
> you use a python interpreter.
> 
> Perhaps applications that are designed to handle untrusted data safely
> could be flagged as such in their .desktop files?

What about trusted applications with security flaws, that handle
"trusted" types? A tar.gz might be considered "safe", but could expose a
security flaw in gzip.

-- dobey




More information about the xdg mailing list