Trusted vs Untrusted MIME types

Thomas Leonard talex5 at gmail.com
Mon Jul 9 14:10:50 PDT 2007


On Mon, 09 Jul 2007 14:06:29 +0200, Stanislav Brabec wrote:

> Patryk Zawadzki wrote:
> 
>> I'd propose an additional (and optional) line in Desktop files:
>> UntrustedData=<Allow|Ask|Deny>
> 
> Nice, but insufficient.
> 
> Imagine GIMP.
> 
> It can "safely" open JPG, GIF, but not a Python-Fu script.
> It would be better to make it per desktop and per MIME type specific.

You have to be a bit careful here, because you can't be sure the browser
will see the same type as the Gimp. e.g. the HTTP header says it's
image/jpeg so the browser thinks it's safe, but Gimp looks at the data to
work out the type and decides it's a Python script.

The easiest solution is probably to have two commands in this case: "gimp
FILE" for trusted data and "gimp --untrusted FILE" for untrusted data.
Mark only the second one as "safe".

Or, as Michael said elsewhere in this thread, pass the type detected by
the browser to the application, but I don't think we have a standard way
to do that.

A third option is to "taint" the data somehow ("this is untrusted"), but
again we don't have a general way to express that.


-- 
Dr Thomas Leonard		http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1
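
The mismatch described in the message above, as an added example that is not part of the original e-mail: a launcher-side check that compares the type declared by the HTTP header with the type sniffed from the data before consulting a per-application, per-type policy. The signature table, the `POLICY` entries, the function names and the sample bytes are all assumptions constructed for illustration; only the Allow/Ask/Deny values come from the thread.

```python
# Added illustration; not code from the xdg list or from any desktop project.
from typing import Optional, Tuple

# Minimal magic-byte table (assumption: a real sniffer knows many more types).
MAGIC = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
]

# Hypothetical per-application, per-MIME-type policy for untrusted data,
# using the Allow|Ask|Deny values proposed in the thread.
POLICY = {
    ("gimp", "image/jpeg"): "Allow",
    ("gimp", "image/gif"): "Allow",
    ("gimp", "text/x-python"): "Deny",
}

def sniff(data: bytes) -> Optional[str]:
    """Guess the type from content, as an application might."""
    for prefix, mime in MAGIC:
        if data.startswith(prefix):
            return mime
    first_line = data.split(b"\n", 1)[0]
    if first_line.startswith(b"#!") and b"python" in first_line:
        return "text/x-python"
    return None

def decide(app: str, declared: str, data: bytes) -> Tuple[str, str]:
    """Return (verdict, reason) for opening untrusted data with app."""
    sniffed = sniff(data)
    if sniffed is None:
        return "Ask", "content type not recognised"
    if sniffed != declared:
        # The header and the data disagree: never trust the header alone.
        return "Deny", f"declared {declared}, content looks like {sniffed}"
    # Types agree; an unlisted (app, type) pair falls back to asking the user.
    return POLICY.get((app, sniffed), "Ask"), "declared and sniffed types agree"

# Constructed sample inputs.
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SCRIPT_SAMPLE = b"#!/usr/bin/env python\nprint('hello')\n"
```

The check only narrows the gap: the application may still sniff differently from this table, which is why the message suggests a separate untrusted-mode command or passing the detected type along.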