Re: new mime detection approach
- From: Julien Olivier <julo altern org>
- To: Mattias Eriksson <snaggen acc umu se>
- Cc: Nautilus <nautilus-list gnome org>
- Subject: Re: new mime detection approach
- Date: Thu, 15 Jan 2004 07:56:17 +0000
On Thu, 2004-01-15 at 07:37, Mattias Eriksson wrote:
> I see one security flaw with this solution and it is that the user might
> be fooled into running trojans and other kind of evil programs. If I
> send a user a executable with a .mp3 extension or .gif extension, it is
> detected according to the suffix. The user wants to taka a look at it
> and double-click the file. Now a sniff is performed and it is detected
> it is an executable and the file is run. Do we really want this?
>
I guess (hope) the idea is not to directly run the script/executable but
to warn the user that the file she assumed was a MP3 is actually an
executable file. I don't know if such a warning would be enough to
prevent users from hurting themselves...
Maybe a solution would to totally refuse to run a script/executable
whose extension doesn't match its mime-type (except if the file doesn't
have any extension). Hence users would have to rename the file before
running it.
--
Julien Olivier <julo altern org>
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]