Trusted vs Unstrusted MIME types
Thomas Leonard
talex5 at gmail.com
Sat Jul 7 02:53:35 PDT 2007
On Sat, 07 Jul 2007 00:42:11 +0100, Bastien Nocera wrote:
> On Fri, 2007-07-06 at 11:21 -0400, Christopher Aillon wrote:
[...]
>> Boris makes a good point. We definitely don't want users to "open"
>> executables such as perl scripts with an interpreter as that is an easy
>> way for an attacker to do things to an unwary user's system. We need
>> some way to discern untrusted from trusted content.
>>
>> Looks like epiphany is doing this via
>> http://svn.gnome.org/viewcvs/epiphany/trunk/data/mime-types-permissions.xml?revision=7005&view=markup
>>
>> I'd argue that we should consider moving this information to fd.o,
>> perhaps into s-m-i itself. I'm not sure we need a separate XML file for
>> it, though. Perhaps we could integrate this directly into the existing
>> XML file?
>
> I'd be all for having this XML file's data available. Marking
> untrustworthy mime-type wouldn't that much of a problem for our
> implementation (apart from the ABI breakage of the cache).
How can a type be "safe" or "unsafe"? Safeness depends on the application.
E.g. a python script is safe if you open it with a text editor, but not if
you use a python interpreter.
Perhaps applications that are designed to handle untrusted data safely
could be flagged as such in their .desktop files?
--
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
More information about the xdg
mailing list