Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
- From: Ryan McDougall <ryan mcdougall telusplanet net>
- To: Fabio Gomes <bugtraq gs2 com br>
- Cc: Colin Walters <walters verbum org>, gnome-devel-list gnome org, nautilus-list gnome org, gnome-list gnome org, gnome-vfs-list gnome org
- Subject: Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)
- Date: Sat Dec 27 06:00:50 2003
On Thu, 2003-12-25 at 18:19, Fabio Gomes wrote:
> Some people are saying that if we use file suffixes to determine MIME
> types, GNOME will have the same vulnerabilities that Windows has. This
> is not true.
[snip]
> --
> Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)
>
> .- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
> |- IT Infrastructure :: Security :: Embedded systems :: Linux
> `- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br
>
My 2 cents: MIME Type by suffix only for speed/time critical
applications, such as displaying large directories. Proper MIME Type
sniffing for all "real" operations, such as file associations. Basically
using suffix as an approximation algorithm to speed things up for
noncritical operations.

Neither MIME database nor suffix-based ways are going to be perfect, so
we should be constraining our ideas to what ways we can get them to work
together.

Cheers,
Ryan
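
A sketch of the split described in this message, as an added example that is not part of the original post or of any GNOME code: suffix lookup for directory listings, content sniffing before a file is actually opened, with a flag when the two disagree. The magic-byte table, the function names, the fallback to the suffix when sniffing is inconclusive, and the sample files are all assumptions made for illustration.

```python
import mimetypes
import os
import tempfile

# Tiny illustrative magic-number table (assumption; a real MIME database is far larger).
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"%PDF-", "application/pdf"),
    (b"\x7fELF", "application/x-executable"),
]

def mime_by_suffix(name):
    """Cheap guess from the file name only; no I/O, suitable for large listings."""
    guess, _ = mimetypes.guess_type(name)
    return guess or "application/octet-stream"

def mime_by_content(path):
    """Sniff the leading bytes; returns None when nothing in MAGIC matches."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    return None

def mime_for_open(path):
    """Type to use for a 'real' operation, plus a flag when suffix and content disagree."""
    by_name = mime_by_suffix(path)
    by_data = mime_by_content(path)
    if by_data is None:
        return by_name, False  # content inconclusive: fall back to the suffix (assumed policy)
    return by_data, by_data != by_name

def demo():
    """Constructed sample files: one honest PNG, one ELF header named like a PNG."""
    samples = {"photo.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 8,
               "holiday.png": b"\x7fELF" + b"\0" * 12}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = (mime_by_suffix(name),) + mime_for_open(path)
    return results

if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

Each result row is (type shown in the listing, type used for opening, mismatch flag); a caller would refuse or prompt on a mismatch rather than dispatch on the suffix.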