Trusted vs Unstrusted MIME types
caillon at redhat.com
Sat Jul 7 22:25:55 PDT 2007
Stephan Arts wrote:
> You do realize that the assumptions of mimetypes being 'safe' (and
> providing additional features accordingly) leads to the most common
> security vulnerabilities on the windows platform?
Actually, the vulnerabilities were because provided MIME types got
ignored and treated as different types based on file content sniffing.
Quite different from this.
> I am not saying this would be a waste of time, but unless someone can
> come with a solid definition of 'safe', do not even try to implement
> anything of this kind. If there is one thing we can learn from MS,
> then it is that not doing it right can be worse then not doing it at
Everything's unsafe. :-) The epiphany implementation treats everything
as unsafe by default.
There is a rather small whitelist of types which are considered "safe".
This includes things like text/plain and image/jpeg. There is also an
explicit blacklist of really unsafe "seriously not cool to ever
automatically do default action" stuff such as application/x-shellscript
> Please be careful where you are taking this.
Nod. I suppose I also should mention that I am a Firefox developer of
over 6 years and a longstanding member of the Mozilla Security team,
having been hired to do just that while working at Netscape, and I
currently do quite a bit of work with the Fedora Security Response team.
This proposal has come up precisely because of concerns for hardening
our security, and I (among others) think this will help a great deal.
More information about the xdg