Trusted vs Unstrusted MIME types
mcr at xdsinc.net
Sun Jul 8 19:51:45 PDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Christopher" == Christopher Aillon <caillon at redhat.com> writes:
Christopher> the default would be to simply download it. That is
Christopher> irrelevant because the browser implementors and mail
Christopher> client implementors get to decide this. The point is
Christopher> that they need to know that certain files might need to
Christopher> be handled differently.
The root cause of the failure mode of of Outlook and Internet Exploder
to keep the windows system safe:
a) use the *SYSTEM* notion of safe/unsafe, which was designed at a
time when the major risk was from unfriendly floppy disks.
b) they ignore the MIME type, and try to auto-guess from the
extension and the file contents. ".jpg" files are safe to pass
to the system executer, but they don't tell the system executer
what type they *THOUGHT* was going to invoked.
What I care about is that once a MIME type has been provided that the
file extension and contents are NEVER looked at again... That way nobody
can lie and slip content in.
Michael.Richardson at thintropy.com / mcr at xdsinc.net
XDS Inc, Ottawa, ON
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
More information about the xdg