Re: Nautilus, metadata and extendet attributes

Le ven 30/01/2004 à 11:01, Heinrich Rebehn a écrit :

> Nautilus should *never* start an executable without permission of the 
> user. Don't copy this weird behaviour from Windows(tm).


> > Deciding on file extensions enables all sorts of mistakes and malicious
> > attacks, just open your eyes and look at the weekly Windows exploits.
> (My eyes are open, no need for your advice)
> It won't take long for exploits to emerge that fool the 
> mimetype-sniffing algorithm. Any algorithm can be fooled, be it 
> extensions or sniffing.

Sniffing can be fixed. A simple rename will fool file extension
"detection", always.

> There is nothing specifically dangerous about file extensions. It's 
> Windows default configuration that causes the problems.

Windows is the only system I used which relies on file extensions, and
it shows the concept is indeed broken to death (my prediction is that
they will use something else someday).
Apart from Gnome which uses sniffing, the other systems I used stored
some metadata at file creation time somewhere on the filesystem (either
as true metada for macos, or in some kind of special file). This system
has proven it's reliable: files were either "natively" typed or clearly
marked as unknown type - even if they had an extension. IMHO, just add
sniffing for these unknown files and you have a perfect system.

I have the feeling this discussion is slowly drifting to an opinion
contest. Let's wait for the new Nautilus, appreciate its speed gain and
care about the extension detection goofiness. Then let's make patches to
improve the situation :)


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]