[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: merge sensible-browser in xdg-open AKA how to select the "best" browser

* Sandro Tosi <morph@debian.org> [090801 20:22]:
> x-o is just a glue around other too to try to identify the best
> candidate to open a file/URL. So there are 2 options: or is so damn
> wrong that it must be removed from the archive,

I'm not claiming it is totally wrong. As I said I did not look at what
it does. All I want to ask for: If you reinvent the wheel please make
it at least round. Better learn from the wheels that were there before.

It's really depressing to see the same security problems again and
again and again.

> or there must be a
> stronger reasoning to not merge s-b in x-o (even more that x-o already
> uses s-b) then *hypothetical* security problems.

All I ask for is that you understand that you are about the change the
relavant semantics of something security relevant, and act accordingly.


to the rest of the mail:

> > - The browser links (or one of its many derivatives) has a list of
> > external programs for the different file types. When it is about to
> > start and external program it shows what file and which content type
> > (and I think which program) it is about to start. Sadly that default
>
> not always: iceweasel (just to name one) asks but you can skip that
> window clicking on a box. Maybe you can skip that check for the every
> file, didn't want to check.

The browser "links" is not the browser "iceweasel".

> > Even in the case of the file manager quoted above, I consider any
> > program just calling xdg-open[2] with it as very likely a security problem.
> > While users should not click on arbitrary stuff, they are usually shown
> > a file-type of what they click on: some text in mail program's
>
> they are usually shown a file extension (quite different from the
> content of the file, if we consider a malicious situation) or an icon,
> and I think a malicious guy can fake the "show the icon for the file"
> algorithm.

Some filemanagers might have security problems. Being able to hide
a security problem by another security problem does not reduce the
problem.

> > The possible problem with changing sensible-browser I see:
> > Currently sensible-browser is opening a browser. All browsers I have yet
> > met only show html (with enough ugly things like javascript and plugins,
>
> I tried iceweasel with png, pdf, txt and also a odt, and guess what,
> it opened it :) (end I was also surprised it opened the ooffice file
> in an embedded tab, nice to know ;) ).

> > but only what you also expose when surfing the net)

as I said: it's as dangerous as you already are otherwise.

Hochachtungsvoll,
	Bernhard R. Link
Reply to: