On Sat, 07 Jul 2007 00:42:11 +0100, Bastien Nocera wrote:

> On Fri, 2007-07-06 at 11:21 -0400, Christopher Aillon wrote:
[...]
>> Boris makes a good point. We definitely don't want users to "open"
>> executables such as perl scripts with an interpreter as that is an easy
>> way for an attacker to do things to an unwary user's system. We need
>> some way to discern untrusted from trusted content.
>>
>> Looks like epiphany is doing this via
>> http://svn.gnome.org/viewcvs/epiphany/trunk/data/mime-types-permissions.xml?revision=7005&view=markup
>>
>> I'd argue that we should consider moving this information to fd.o,
>> perhaps into s-m-i itself. I'm not sure we need a separate XML file for
>> it, though. Perhaps we could integrate this directly into the existing
>> XML file?
>
> I'd be all for having this XML file's data available. Marking
> untrustworthy mime-types wouldn't be that much of a problem for our
> implementation (apart from the ABI breakage of the cache).

How can a type be "safe" or "unsafe"? Safeness depends on the application.
E.g. a python script is safe if you open it with a text editor, but not if
you use a python interpreter.

Perhaps applications that are designed to handle untrusted data safely
could be flagged as such in their .desktop files?

-- 
Dr Thomas Leonard
http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
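
Added example, not part of the original message or of any freedesktop.org specification: a sketch of the per-application flag suggested above, where the decision is made for the (MIME type, handler) pair rather than for the type alone. The key `X-Example-HandlesUntrustedData`, the two sample `.desktop` entries and the function names are hypothetical.

```python
import configparser

# Hypothetical key: not part of the Desktop Entry Specification.
SAFE_KEY = "X-Example-HandlesUntrustedData"

# Constructed sample .desktop entries (assumptions for illustration).
SAMPLE_ENTRIES = {
    "editor.desktop": """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=editor %f
MimeType=text/plain;text/x-python;
X-Example-HandlesUntrustedData=true
""",
    "python.desktop": """[Desktop Entry]
Type=Application
Name=Python Interpreter
Exec=python %f
MimeType=text/x-python;
""",
}


def parse_entry(text):
    """Return (mime_types, handles_untrusted) for one .desktop file."""
    # interpolation=None: Exec lines contain field codes such as %f.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # .desktop keys are case-sensitive
    cp.read_string(text)
    entry = cp["Desktop Entry"]
    mimes = {m for m in entry.get("MimeType", fallback="").split(";") if m}
    # A missing flag, or any value other than "true", fails closed.
    safe = entry.get(SAFE_KEY, fallback="false").strip() == "true"
    return mimes, safe


def handlers_for(mime_type, trusted, entries=SAMPLE_ENTRIES):
    """Names of the .desktop files allowed to open content of this type."""
    allowed = []
    for name, text in sorted(entries.items()):
        mimes, safe = parse_entry(text)
        # Untrusted content only goes to handlers that carry the flag.
        if mime_type in mimes and (trusted or safe):
            allowed.append(name)
    return allowed


if __name__ == "__main__":
    print(handlers_for("text/x-python", trusted=False))
    print(handlers_for("text/x-python", trusted=True))
```

The same type, `text/x-python`, resolves to different handler sets depending on where the content came from, which a single "unsafe" mark on the MIME type cannot express.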
