Trusted vs Untrusted MIME types
mcr at xdsinc.net
Sun Jul 8 19:38:27 PDT 2007
>>>>> "Rodney" == Rodney Dawes <dobey.pwns at gmail.com> writes:
>> How can a type be "safe" or "unsafe"? Safeness depends on the
>> application. E.g. a python script is safe if you open it with a
>> text editor, but not if you use a python interpreter.
>> Perhaps applications that are designed to handle untrusted data
>> safely could be flagged as such in their .desktop files?
Rodney> What about trusted applications with security flaws, that
Rodney> handle "trusted" types? A tar.gz might be considered "safe",
Rodney> but could expose a security flaw in gzip.
That's a bug.
There are always bugs.
A python script which can run "rm -rf /", is a feature.
It will always do that.
Michael.Richardson at thintropy.com / mcr at xdsinc.net
XDS Inc, Ottawa, ON