Re: Fixing the mime horror ini Debian
Le vendredi 13 juillet 2012 à 14:26 +0200, George Danchev a écrit :
> > It you want to make xdg-open useable for everything, please also
> > add a way to specify the mime type as option. Without that using
> > it for opening mail attachements or stuff downloaded (i.e. things
> > that already show a mime type before you open it) is simply
> > introducing a security bug.
It is much better to let xdg-open or what it launches determine the MIME
type by inspecting the contents of the file instead of reading the MIME
type from an email, anyway.
For browsers, there is a list of safe/unsafe MIME types, so inspection
is not required, but I’m not aware of a similar mechanism for email
readers.
> It appears that this has been done already, at least kfmclient accepts
> mimetype as an option. However, for such sensitive use cases, I'd rather skip
> the yet another level of indirection of having to second-guess an "opener"
> app, being it xdg-open, kfmclient or any other, by mimetype hints, and just
> inspect/dissect/open the suspicious thing as I find it most appropriate
> depending on the circumstances (available inspection apps, time, etc)
This is already what e.g. gvfs-open does: the MIME type is determined
through content inspection according to the fd.o MIME specification.
--
.''`. Josselin Mouette
: :' :
`. `'
`-
Reply to: