Trusted vs Unstrusted MIME types

Thomas Leonard talex5 at gmail.com
Tue Jul 10 10:37:57 PDT 2007


On Tue, 10 Jul 2007 08:56:53 +0200, Josef Spillner wrote:

> On Tuesday 10 July 2007 00:54:16 Michael Richardson wrote:
>>   I think that we have to come up with such a standard, do a version of
>> getopt_long that grok's it, and then evangelize/evangelize/evangelize.
> 
> And a version of D'n'D and all of the other methods of how applications might 
> access data? Unlikely.

Well, DnD already passes the MIME type, and the clipboard protocol is
basically the same, I think (it's been a while since I checked the details).

Passing the 'tainted' flag would require some changes, but as long as the
sender can tell whether the receiver supports the new system, it's not too
bad. e.g.

  "The program you dragged this data to might not be designed to handle
  untrusted data. Only continue if you trust the creator of this file."

It's still annoying, but at least the authors of the program could add
support and make the warning go away.

Seems like a lot of work, though. You'd want support at the toolkit level
when you register your DnD handler, I think (i.e. you have to explicitly
flag types which you claim to handle safely). It would be interesting to
integrate it with languages which actually support the concept of
tainting natively too.


-- 
Dr Thomas Leonard		http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1



More information about the xdg mailing list