Trusted vs Untrusted MIME types
Michael Richardson
mcr at xdsinc.net
Sun Jul 8 19:38:27 PDT 2007
>>>>> "Rodney" == Rodney Dawes <dobey.pwns at gmail.com> writes:
>> How can a type be "safe" or "unsafe"? Safeness depends on the
>> application. E.g. a python script is safe if you open it with a
>> text editor, but not if you use a python interpreter.
>>
>> Perhaps applications that are designed to handle untrusted data
>> safely could be flagged as such in their .desktop files?
Rodney> What about trusted applications with security flaws, that
Rodney> handle "trusted" types? A tar.gz might be considered "safe",
Rodney> but could expose a security flaw in gzip.
That's a bug.
There are always bugs.
A python script which can run "rm -rf /", is a feature.
It will always do that.
--
Michael.Richardson at thintropy.com / mcr at xdsinc.net
XDS Inc, Ottawa, ON
Personal: http://www.sandelman.ca/mcr/