Re: Nautilus, metadata and extendet attributes

Xavier Bestel wrote:
Le ven 30/01/2004 à 09:34, Heinrich Rebehn a écrit :

If the user decides to use "wrong" extensions, it's his decision, and if the image viewer displays garbage because "pic.jpg" contains ascii, he can use the file command to check what's wrong.

No. When files come from somewhere else, the user hasn't decided
anything. If nautilus does put your computer on fire when trying to
display "remote-location:///pic.jpg" because at the last moment it
decided it's an executable, the file command is completely useless.

Nautilus should *never* start an executable without permission of the user. Don't copy this weird behaviour from Windows(tm).

Deciding on file extensions enables all sorts of mistakes and malicious
attacks, just open your eyes and look at the weekly Windows exploits.

(My eyes are open, no need for your advice)

It won't take long for exploits to emerge that fool the mimetype-sniffing algorithm. Any algorithm can be fooled, be it extensions or sniffing.

There is nothing specifically dangerous about file extensions. It's Windows default configuration that causes the problems.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]