Trusted vs Untrusted MIME types
caillon at redhat.com
Mon Jul 9 09:05:45 PDT 2007
Rodney Dawes wrote:
> On Sun, 2007-07-08 at 22:38 -0400, Michael Richardson wrote:
>> Rodney> What about trusted applications with security flaws, that
>> Rodney> handle "trusted" types? A tar.gz might be considered "safe",
>> Rodney> but could expose a security flaw in gzip.
>> That's a bug.
>> There are always bugs.
>> A python script which can run "rm -rf /", is a feature.
>> It will always do that.
> Bug or not, the level of safety there must be determined by the user.
> One user's safe, is another user's ZOMG! No amount of software
> abstraction is going to change that.

Right. Let's not waste time worrying about users who refuse to update
their system. They are already dead in the water. There is not much we
can do for them save recommend they enable SELinux or similar. We need
to assume the system is otherwise secure, and in this case we need to be
able to determine that auto opening "foo/bar" is something that has the
potential for being the thing that breaks the system.

> It just seems silly to me that we
> keep trying to write software to be smarter than the user, rather than
> just writing software that works for the users. While the majority of
> people on the planet don't know what a python script is, it still will
> be very annoying to have to click through an extra dialog every time I
> want to view a python file on web svn.

So then we can discuss adding site-wide whitelists or something like we
this if we have the information.