Trusted vs Untrusted MIME types

Christopher Aillon caillon at redhat.com
Fri Jul 6 08:21:53 PDT 2007


[following up from a thread on the mozilla forums]

Boris Zbarsky wrote:
> Christopher Aillon wrote:
>> Are there any hooks that the fd.o stuff is specifically lacking?
> 
> Yes.  What's needed is a way to have separate helpers for trusted and untrusted 
> files.  Often the same, sometimes different.
> 
> e-mail programs, web browsers, etc. should use the untrusted versions (and 
> possibly provide UI for the user to change them, with hooks available for apps 
> to save these user decisions).  File managers should use the trusted versions.

Boris makes a good point.  We definitely don't want users to "open" 
executables such as perl scripts with an interpreter as that is an easy 
way for an attacker to do things to an unwary user's system.  We need 
some way to discern untrusted from trusted content.

Looks like epiphany is doing this via 
http://svn.gnome.org/viewcvs/epiphany/trunk/data/mime-types-permissions.xml?revision=7005&view=markup

I'd argue that we should consider moving this information to fd.o, 
perhaps into s-m-i itself.  I'm not sure we need a separate XML file for 
it, though.  Perhaps we could integrate this directly into the existing 
XML file?

