Re: (in)SECURITY: mozilla-bonobo

[Jean Bréfort <jean brefort ac-dijon fr>]

Le mer 03/12/2003 à 21:41, Sean Middleditch a écrit :
> On Wed, 2003-12-03 at 15:30, Fabio Gomes wrote:
> 
> > 	2. Create a "safe for web" flag that bonobo components must set if they
> > are intended to be used as web components
> 
> This makes a lot of sense.  Especially, of course, if its off by
> default.  Only components absolutely intended for use on the web should
> be used here.

I see another solution to that wg=hich might be very easy to implement.
Controls might have a "security_level" property in a PropertyBag. If
this property does not exist, mozilla-bonobo does not load the control,
and if it does it sets this property to 0 to notify the control that the
data might be insecure.
If this makes sense, I can easily write the patch.

> 
> Additionally, if bonobo componets can be told, 'this is untrusted data'
> (does gnome-vfs do this?  will that work with mozilla-bonobo?), then
> they can intelligently disable certain features they may know are unsafe
> (dangerous functions available to document macros, for example).

I am not sure we can rely on gnome-vfs, even if it is able to do that.
In most case, AFAIK, mozilla-bonobo relies on mozilla to determine the
mime-type and does not know the url. Christaian Glodt could tell us more
about that.

> 
> > 
> > 	Please, let's not make the same mistakes that Micros~1 did. Let's learn
> > from other's mistakes.
> > 
> > 	Time to flame me.
> > 
> > 	Also, time to think again about the creation of a gnome-security
> > mailing list.
> 
> That sounds like a most excellent idea.  Altho real security policies
> are needed; we don't want big exdploits posted to a public list before
> the GNOME community, and distros, have a time to apply patches for
> users.
> 
> > 
> > 	Thanks for your attention.

I this list opens, I subscribe.