Re: Another balsa bug... (was Re: crashes)



On Fri, Mar 24, 2000 at 07:49:19AM -0800, Matthew Guenther wrote:
> On Fri, 24 Mar 2000, Michael Gerdts wrote:
> > OR perhaps the better approach is to use bonobo to bring in the
> > type-specific displayer.  Presumably this would make it easy to deal with
> > alternative message display techniques.  For example, I imagine that some
> > people would like to have audio controls embedded into the message when
> > they get an audio/basic attachment, particularly if that is their primary
> > way of communicating with a particular person.  Other people may want to
> > forgo the overhead of starting up the audio app, since when they get
> > audio/basic files they either delete or save them without listening.
> > 
> 
> Ack!  This has the potential to be a major security risk!  I'm already wary
> of displaying HTML automatically with its potential for abuse by spammers
> and more malicious attackers ... to allow the sender of a message to cause
> the automatic execution of a file would present a host of problems.  A cool
> idea for sure, but very dangerous and tricky to do correctly.  

True enough.  I am not proposing that you allow the sender to specify
random commands be executed... I am just suggesting that a plugin scheme
would be nice, should users wish to use it.  In case I wasn't clear...
users do not have to use the plugins, they can still have icons at the
bottom of the message.

By making use of components that are used in a dozen different programs
(through bonobo), there is a good chance that more developers have been
through the code and that security bugs are quickly flushed out.  Note that
these plugins are actually the same programs that would likely get launched
when the user double-clicks on the icon anyway.

It could be that using a plugin scheme could provide enhanced security by
watching for suspicious system calls through the use of something like
LD_PRELOAD.  For an example use of LD_PRELOAD, take a look at installwatch,
http://freshmeat.net/appindex/1998/09/29/907109750.html.  An additional
safety measure may be to have the user be able to say that they are willing
to have automatic opening of specific types of documents from specific
people.  Of course, my friends may unwittingly send me a virus or trojan as
well.  Or headers could be forged to appear to come from my friends.

In any case, I see this no more dangerous than Netscape with a healthy
collection of plugins.  (This assumes that Javascript is without security
issues or is disabled.)

Mike
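
The LD_PRELOAD idea raised in the message above, as an added example that is not part of the original post or of Balsa, bonobo or installwatch: a shim that logs a component's direct execve() calls and refuses anything outside an allowlist. The allowlisted paths, the execwatch name and the viewer command are assumptions; allowed calls go to the kernel through syscall(2), where many interposers would instead look up libc's function with dlsym(RTLD_NEXT, ...).

```c
/* Added example: LD_PRELOAD shim that logs direct execve() calls and
 * refuses programs outside an allowlist. File names are assumptions.
 *   gcc -shared -fPIC -o execwatch.so execwatch.c
 *   LD_PRELOAD=./execwatch.so ./viewer attachment.au
 */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Constructed allowlist: helpers a viewer component may legitimately start. */
static const char *const exec_allowlist[] = {
    "/usr/bin/aplay", "/usr/bin/sox", NULL
};

/* Return 1 only for an exact match against an allowlisted absolute path. */
int exec_allowed(const char *path)
{
    size_t i;

    if (path == NULL || path[0] != '/')
        return 0;               /* relative paths depend on cwd: refuse */
    for (i = 0; exec_allowlist[i] != NULL; i++)
        if (strcmp(path, exec_allowlist[i]) == 0)
            return 1;
    return 0;
}

/* Keep the log line well-defined even when the caller passed NULL. */
static const char *printable(const char *s) { return s ? s : "(null)"; }

/* Same prototype as libc's execve(). The preloaded object is searched
 * before libc, so the program's execve() calls bind to this definition. */
int execve(const char *path, char *const argv[], char *const envp[])
{
    int ok = exec_allowed(path);

    fprintf(stderr, "execwatch: pid %ld execve(\"%s\") %s\n", (long)getpid(),
            printable(path), ok ? "allowed" : "DENIED");
    if (!ok) {
        errno = EACCES;         /* caller sees an ordinary permission error */
        return -1;
    }
    return (int)syscall(SYS_execve, path, argv, envp);  /* pass through */
}
```

Interposition of this kind only sees calls that go through the dynamic symbol: statically linked programs, direct syscalls, setuid binaries (where the loader ignores LD_PRELOAD) and libc-internal paths such as system() are not covered, so treat it as a logging aid rather than a containment boundary.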


