Re: FUD about security and file extensions (was Re: Why file content sniffing sucks)



On Fri, 2003-12-26 at 01:19, Fabio Gomes wrote:
> Some people are telling that if we use file suffixes to determine MIME
> types, GNOME will have the same vulnerabilities that Windows has. This
> is not true.

Look, let's put it into real terms.

A file type is not determined by its extension.  The
detection-by-extension ethos is a _hack_.  A hack to make things easy,
but as with all hacks it has its drawbacks and some massive ones at
that.

We could debate all night on what those drawbacks are.

The reality is that a file's type is determined by two things: its
content and what the user wishes.

Yes, file sniffing is slow.  So implement it in a way that does not
affect the user.  Last time I used Nautilus, I could scroll up and down
and jump between folders without extra pause, whilst Nautilus updates
itself in the background.  So what is the issue?  It only updates what
is in immediate view (as I recall) so you just scroll to your desired
file and, if necessary, wait the 2s for it to be detected.

If Nautilus is wrongly detecting a file type it is a _bug_ and should be
dealt with as such.  It is nothing to do with the system used by
Nautilus.  Detection of type by file extension is far more error prone
and relies much more on correctness of user input which is an
unreasonable expectation on lay users.

If you are having a problem opening a file in your preferred
application, that is a shortcoming on behalf of the Nautilus interface
and is a _bug_ or a _missing_feature_ and should be addressed as such.

> The bugs present in Micros~1 Windows are not due to file type detection
> by suffix. 

Wrong, they are.  By due nature of the ridiculous method, people
associate .jpg files or .gif files as images.  This introduces a problem
with visual association.

Somebody gets an email with an attachment such as 'pretty.jpg.exe' or
'sexy.gif.pl' and they open it up.  Yes, this is due to file type
detection by suffix because you are subconsciously causing people to
recognise file types by file suffix and hence they can be easily
misled.

You are expecting either 1) an unreasonable level of technical education
or 2) an unrealistic level of file/email security in order for this not
to introduce security issues.  Period.

One goal of Gnome is to make Free Software desktops a global reality (as
if it already isn't).  Introducing notions that add to the confusion
just to save a few cpu cycles and/or to make things look snappier
on-the-surface is no way to achieve that goal; unless you want a buggy,
insecure system but that niche is already well filled.

I wish this pointless discussion would go away.  It's clogging up my
inbox.  Really, there's some damn clever guys hacking Gnome and this
fairly important issue will have been rehashed over and over and over
again by people far more active, informed, and intelligent than either
you or me.

- Charlie

-- 
Charles Goodwin <charlie xwt org>
Member of the XWT Foundation

The future of the net - www.xwt.org
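
The contrast this message draws between what a file name suggests and what the content is, as an added example (not part of the original email and not GNOME or Nautilus code): a small checker that sniffs leading bytes, compares the result with the type implied by the suffix, and flags names like 'pretty.jpg.exe'. The signature table, suffix map, warning labels and sample inputs are constructed here for illustration.

```python
import os

# A few well-known leading-byte signatures (constructed, far from exhaustive).
MAGIC = [
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"MZ", "application/x-dosexec"),
    (b"\x7fELF", "application/x-executable"),
    (b"#!", "text/x-script"),
]
# The type a reader is likely to assume from a suffix alone.
BY_SUFFIX = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".gif": "image/gif",
    ".png": "image/png", ".exe": "application/x-dosexec", ".pl": "text/x-script",
}

def sniff(head):
    """Return a MIME type from the first bytes of a file, or None if unknown."""
    for magic, mime in MAGIC:
        if head.startswith(magic):
            return mime
    return None

def assess(name, head):
    """Return (sniffed_type, warnings) for a file name and its leading bytes."""
    stem, last = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]
    sniffed, claimed = sniff(head), BY_SUFFIX.get(last)
    warnings = []
    # 'pretty.jpg.exe': a familiar suffix is shown before the one that counts.
    if inner in BY_SUFFIX and inner != last:
        warnings.append("double-suffix")
    # The suffix promises one type but the content is recognisably another.
    if claimed and sniffed and claimed != sniffed:
        warnings.append("content-mismatch")
    return sniffed, warnings

if __name__ == "__main__":
    samples = [  # constructed names and leading bytes
        ("pretty.jpg.exe", b"MZ\x90\x00"),
        ("sexy.gif.pl", b"#!/usr/bin/perl\n"),
        ("holiday.jpg", b"\xff\xd8\xff\xe0"),
        ("holiday.jpg", b"MZ\x90\x00"),
    ]
    for name, head in samples:
        print(name, assess(name, head))
```
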



