Trusted vs Unstrusted MIME types

Thomas Leonard talex5 at
Sat Jul 7 02:53:35 PDT 2007

On Sat, 07 Jul 2007 00:42:11 +0100, Bastien Nocera wrote:
> On Fri, 2007-07-06 at 11:21 -0400, Christopher Aillon wrote:
>> Boris makes a good point.  We definitely don't want users to "open" 
>> executables such as perl scripts with an interpreter as that is an easy 
>> way for an attacker to do things to an unwary user's system.  We need 
>> some way to discern untrusted from trusted content.
>> Looks like epiphany is doing this via 
>> I'd argue that we should consider moving this information to fd.o, 
>> perhaps into s-m-i itself.  I'm not sure we need a separate XML file for 
>> it, though.  Perhaps we could integrate this directly into the existing 
>> XML file?
> I'd be all for having this XML file's data available. Marking
> untrustworthy mime-type wouldn't that much of a problem for our
> implementation (apart from the ABI breakage of the cache).

How can a type be "safe" or "unsafe"? Safeness depends on the application.
E.g. a python script is safe if you open it with a text editor, but not if
you use a python interpreter.

Perhaps applications that are designed to handle untrusted data safely
could be flagged as such in their .desktop files?

Dr Thomas Leonard
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1

More information about the xdg mailing list