Trusted vs Untrusted MIME types
Bastien Nocera
hadess at hadess.net
Fri Jul 6 16:42:11 PDT 2007
On Fri, 2007-07-06 at 11:21 -0400, Christopher Aillon wrote:
> [following up from a thread on the mozilla forums]
>
> Boris Zbarsky wrote:
> > Christopher Aillon wrote:
> >> Are there any hooks that the fd.o stuff is specifically lacking?
> >
> > Yes. What's needed is a way to have separate helpers for trusted and untrusted
> > files. Often the same, sometimes different.
> >
> > e-mail programs, web browsers, etc should use the untrusted versions (and
> > possibly provide UI for the user to change them, with hooks available for apps
> > to save these user decisions). File managers should use the trusted versions.
>
> Boris makes a good point. We definitely don't want users to "open"
> executables such as perl scripts with an interpreter as that is an easy
> way for an attacker to do things to an unwary user's system. We need
> some way to discern untrusted from trusted content.
>
> Looks like epiphany is doing this via
> http://svn.gnome.org/viewcvs/epiphany/trunk/data/mime-types-permissions.xml?revision=7005&view=markup
>
> I'd argue that we should consider moving this information to fd.o,
> perhaps into s-m-i itself. I'm not sure we need a separate XML file for
> it, though. Perhaps we could integrate this directly into the existing
> XML file?
I'd be all for having this XML file's data available. Marking
untrustworthy mime-types wouldn't be that much of a problem for our
implementation (apart from the ABI breakage of the cache).
However, you need to convince the powers that be (the people working on
the mime-type spec) that it's a good idea.
It is in my opinion. Waiting for comments.
--
Bastien Nocera <hadess at hadess.net>
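
The idea discussed in this thread, as an added example that is not part of the original messages or of any project named in them: trust markings are carried in a shared-mime-info style XML file and resolved through `sub-class-of`, so a script type that inherits from `text/plain` is still refused in an untrusted context. The `untrusted` attribute, the sample entries, the function names and the "save-only" fallback are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"smi": "http://www.freedesktop.org/standards/shared-mime-info"}

# Constructed sample. The "untrusted" attribute is hypothetical: it stands in
# for the per-type trust marking proposed in the thread.
SAMPLE_XML = """\
<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
  <mime-type type="application/x-executable" untrusted="unsafe"/>
  <mime-type type="application/x-perl">
    <sub-class-of type="application/x-executable"/>
    <sub-class-of type="text/plain"/>
  </mime-type>
  <mime-type type="text/plain" untrusted="safe"/>
  <mime-type type="image/png" untrusted="safe"/>
</mime-info>
"""

def load_types(xml_text):
    """Return {mime_type: (own marking or None, [parent types])}."""
    types = {}
    for node in ET.fromstring(xml_text).findall("smi:mime-type", NS):
        parents = [p.get("type") for p in node.findall("smi:sub-class-of", NS)]
        types[node.get("type")] = (node.get("untrusted"), parents)
    return types

def markings(mime, types, seen=None):
    """Collect the markings of a type and all of its ancestors."""
    seen = set() if seen is None else seen
    if mime not in types:
        return {"unknown"}          # unlisted type or parent: fail closed
    if mime in seen:
        return set()                # guard against sub-class-of cycles
    seen.add(mime)
    own, parents = types[mime]
    found = {own} if own else set()
    for parent in parents:
        found |= markings(parent, types, seen)
    return found

def safe_for_untrusted(mime, types):
    """Safe only if every marking found is 'safe' and at least one exists."""
    return markings(mime, types) == {"safe"}

def decide(mime, context, types):
    """context is 'trusted' (file manager) or 'untrusted' (browser, e-mail)."""
    if context == "trusted" or safe_for_untrusted(mime, types):
        return "open-with-helper"
    return "save-only"

TYPES = load_types(SAMPLE_XML)
```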