Re: security holes in gnome-vfs application list (was Call for file



Alan Cox <alan redhat com> writes:

> I dont see what that changes. Does it matter if the user is given a cool
> picture clicks on it and gets cracked or whether it is automated ?

This has nothing to do with gnome-vfs or its handling of MIME types.
You have exactly the same problem with any application that opens
files.  I am pretty sure some day someone will find a terrible bug in
a GIMP plug-in and exploit it to rm -rf your home directory if your
image has a particular byte sequence.

So let's be as paranoid as possible, but not any more paranoid than that.

  Federico




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]