MIME info spec: Handling containers/multiple MIME types per glob pattern

[Alexander Larsson]

On Tue, 2005-11-22 at 10:51 -0800, Waldo Bastian wrote:
> > Ideally a file manager would initially use fast extension based mime
> > types while asynchronously sniffing to make sure they are what they say
> > they are.
> 
> This is what KDE did at some point but the implication of it is that the type 
> originally displayed and the type later used differs, with nasty security 
> implications. You could of course warn the user about this when it happens 
> (Does Gnome happen to do that?) but it would be rather bad if certain types 
> of files would always trigger such warning.

What Gnome does (Nautilus really) is somewhat similar to this, although
a bit more complex. 

When reading a directory we use the extension-based mimetype, except
when its "application/octet-stream". In that case we try sniffing, using
the sniffed result except in these cases:
* the sniffed type is application/octet-stream 
  (then we fallback to the extension type)
* the sniffed type is a common container type:
 application/x-ole-storage, text/xml, application/x-bzip, 
 application/x-gzip, application/zip 
 (then we fallback to the extension type, allowing us to report 
  the right thing for e.g. OOo documents)
* the extension type is a subclass of the sniffed type 
  (i.e. a more specific type, then we use the sniffed type)

This means reading a directory is generally fast, although on some
directories like /usr/bin the extension based match isn't much help, so
reading those are slow.

However, whenever a file is selected in the file manager (as part of
e.g. opening that file) we recalculate the type by sniffing (with the
above rules), changing the icon and whatnot. When you actually click on
the file to open it we compare the fast and slow mimetypes and if they
differ significantly we show a warning dialog. The types are considered
"same" if:
* the types are the same
* the mime types are aliases
* the extension type is a parent of the sniffed type
* the two mimetypes would open the file with the same application

The warning dialog shows:
g_strdup_printf 
	(_("The filename \"%s\" indicates that this file is of type \"%s\". " 
	   "The contents of the file indicate that the file is of type \"%s\". If "
	   "you open this file, the file might present a security risk to your system.\n\n"
	   "Do not open the file unless you created the file yourself, or received "
	   "the file from a trusted source. To open the file, rename the file to the "
	   "correct extension for \"%s\", then open the file normally. "
	   "Alternatively, use the Open With menu to choose a specific application "
	   "for the file. "),
	 name, 
	 guessed_description ? guessed_description : guessed_mime_type, 
	 real_description ? real_description : mime_type,
	 real_description ? real_description : mime_type);

This whole scheme is sort of complicated and less than ideal. Generally
you don't get the warning dialog due to a security problem, but rather
due to weaknesses in the mime database that we need to fix. Over the
years we've added the exceptions above, and fixed things in the mime
database which makes it better than it used to be, but its still
something of a wart in the UI. I'm not sure what a better way would be
though.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl at redhat.com    alla at lysator.liu.se 
He's a deeply religious amnesiac photographer who hides his scarred face 
behind a mask. She's a psychotic streetsmart snake charmer who inherited a 
spooky stately manor from her late maiden aunt. They fight crime!