Trusted vs Untrusted MIME types
Christopher Aillon
caillon at redhat.com
Sat Jul 7 22:25:55 PDT 2007
Stephan Arts wrote:
> You do realize that the assumptions of mimetypes being 'safe' (and
> providing additional features accordingly) lead to the most common
> security vulnerabilities on the windows platform?
Actually, the vulnerabilities were because provided MIME types got
ignored and treated as different types based on file content sniffing.
Quite different from this.
> I am not saying this would be a waste of time, but unless someone can
> come with a solid definition of 'safe', do not even try to implement
> anything of this kind. If there is one thing we can learn from MS,
> then it is that not doing it right can be worse than not doing it at
> all.
Everything's unsafe. :-) The epiphany implementation treats everything
as unsafe by default.
There is a rather small whitelist of types which are considered "safe".
This includes things like text/plain and image/jpeg. There is also an
explicit blacklist of really unsafe "seriously not cool to ever
automatically do default action" stuff such as application/x-shellscript
etc.
> Please be careful where you are taking this.
Nod. I suppose I also should mention that I am a Firefox developer of
over 6 years and a longstanding member of the Mozilla Security team,
having been hired to do just that while working at Netscape, and I
currently do quite a bit of work with the Fedora Security Response team.
This proposal has come up precisely because of concerns for hardening
our security, and I (among others) think this will help a great deal.
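The policy described in the reply above (default deny, a small whitelist, an explicit blacklist that always wins), as an added illustration that is not epiphany's code and not part of the original thread. The whitelist and blacklist contents beyond the types the mail names, and the optional "sniffed" type (which, per the point about Windows, is only ever allowed to make the decision stricter), are assumptions for this example.

```python
from enum import Enum
from typing import Optional


class Action(Enum):
    OPEN = "open automatically"          # on the whitelist
    ASK = "ask the user"                 # the default for everything else
    NEVER = "never run the default action"  # on the blacklist


# Illustrative lists: the mail names text/plain, image/jpeg and
# application/x-shellscript; the remaining entries are assumptions.
SAFE_TYPES = frozenset({"text/plain", "image/jpeg", "image/png"})
UNSAFE_TYPES = frozenset({"application/x-shellscript", "application/x-executable"})


def normalize(mime: str) -> str:
    """Drop parameters such as '; charset=utf-8', trim and lower-case."""
    return mime.split(";", 1)[0].strip().lower()


def classify(declared: str, sniffed: Optional[str] = None) -> Action:
    """Decide what to do with content of the given declared MIME type.

    declared: the type the server or desktop database provided.
    sniffed:  an optional content-sniffed type (assumed input). Sniffing may
              only tighten the decision, never upgrade an unknown type to
              'safe', which is the failure mode the reply attributes to Windows.
    """
    types = [normalize(declared)]
    if sniffed:
        types.append(normalize(sniffed))
    # The blacklist beats everything, including a whitelisted declared type.
    if any(t in UNSAFE_TYPES for t in types):
        return Action.NEVER
    # Open automatically only if every view of the content is whitelisted.
    if all(t in SAFE_TYPES for t in types):
        return Action.OPEN
    # Unknown, empty or unlisted types fall through to the safe default.
    return Action.ASK


if __name__ == "__main__":
    for declared, sniffed in [("text/plain; charset=utf-8", None),
                              ("application/octet-stream", "image/jpeg"),
                              ("text/plain", "application/x-shellscript")]:
        print(f"{declared!r} sniffed={sniffed!r}: {classify(declared, sniffed).value}")
```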