Re: Nautilus, metadata and extendet attributes

From: Heinrich Rebehn <rebehn ant uni-bremen de>
To: Xavier Bestel <xavier bestel free fr>
Cc: nautilus-list gnome org
Subject: Re: Nautilus, metadata and extendet attributes
Date: Fri, 30 Jan 2004 11:01:34 +0100

Xavier Bestel wrote:

Le ven 30/01/2004 à 09:34, Heinrich Rebehn a écrit :
If the user decides to use "wrong" extensions, it's his decision, and ifthe image viewer displays garbage because "pic.jpg" contains ascii, hecan use the file command to check what's wrong.
No. When files come from somewhere else, the user hasn't decided
anything. If nautilus does put your computer on fire when trying to
display "remote-location:///pic.jpg" because at the last moment it
decided it's an executable, the file command is completely useless.

Nautilus should *never* start an executable without permission of theuser. Don't copy this weird behaviour from Windows(tm).


Deciding on file extensions enables all sorts of mistakes and malicious
attacks, just open your eyes and look at the weekly Windows exploits.


(My eyes are open, no need for your advice)

It won't take long for exploits to emerge that fool themimetype-sniffing algorithm. Any algorithm can be fooled, be itextensions or sniffing.

There is nothing specifically dangerous about file extensions. It'sWindows default configuration that causes the problems.


Heinrich

Follow-Ups:
- Re: Nautilus, metadata and extendet attributes
  - From: Xavier Bestel

References:
- RE: Nautilus, metadata and extendet attributes
  - From: Manuel Amador (Rudd-O)
- Re: Nautilus, metadata and extendet attributes
  - From: Heinrich Rebehn
- Re: Nautilus, metadata and extendet attributes
  - From: Xavier Bestel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]