Re: Nautilus, metadata and extendet attributes

From: Heinrich Rebehn <rebehn ant uni-bremen de>
To: "Manuel Amador (Rudd-O)" <amadorm usm edu ec>
Cc: Julien Olivier <julo altern org>, Xavier Bestel <xavier bestel free fr>, Olaf Frączyk <olaf cbk poznan pl>, nautilus-list gnome org
Subject: Re: Nautilus, metadata and extendet attributes
Date: Tue, 03 Feb 2004 21:13:58 +0100

Manuel Amador (Rudd-O) wrote:

El lun, 02-02-2004 a las 17:57, Julien Olivier escribi�

If users have associated Windows executable files with WINE, for
example, wine will run files whether they have extensions or not, as
long as they are PE (portable executable) files.  Users can then receive
something masquerading as a picture, but upon run, discover that their
files are gone.  That the risk is 1-in-100000 does not matter.


That's why I am strongly in favor of ALWAYS warning users about files
with extensions not matching their sniffed mime-type. Nautilus should
never open a file with a sniffed mime-type that is different from the
mime-type detected via its extension.



Warning the users about this problem is just a band-aid that might
minimize the risk, but not fix the source problem (implicit trust on
file extensions).

If a shellscript or binary has .jpg extension and we rely on extension,then image viewer is started, which will complain or crash. The filewill *NOT* get executed. Is this so hard to understand?? File extensionsare *NO* security risk!!!


	Heinrich

Follow-Ups:
- Re: Nautilus, metadata and extendet attributes
  - From: Julien Olivier

References:
- Re: Nautilus, metadata and extendet attributes
  - From: Manuel Amador (Rudd-O)
- Re: Nautilus, metadata and extendet attributes
  - From: Julien Olivier
- Re: Nautilus, metadata and extendet attributes
  - From: Manuel Amador (Rudd-O)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]