[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fixing the mime horror ini Debian

Le vendredi 13 juillet 2012 à 14:26 +0200, George Danchev a écrit : 
> > It you want to make xdg-open useable for everything, please also
> > add a way to specify the mime type as option. Without that using
> > it for opening mail attachements or stuff downloaded (i.e. things
> > that already show a mime type before you open it) is simply
> > introducing a security bug.

It is much better to let xdg-open or what it launches determine the MIME
type by inspecting the contents of the file instead of reading the MIME
type from an email, anyway.

For browsers, there is a list of safe/unsafe MIME types, so inspection
is not required, but I’m not aware of a similar mechanism for email

> It appears that this has been done already, at least kfmclient accepts 
> mimetype as an option. However, for such sensitive use cases, I'd rather skip 
> the yet another level of indirection of having to second-guess an "opener" 
> app, being it xdg-open, kfmclient or any other, by mimetype hints, and just 
> inspect/dissect/open the suspicious thing as I find it most appropriate 
> depending on the circumstances (available inspection apps, time, etc)

This is already what e.g. gvfs-open does: the MIME type is determined
through content inspection according to the fd.o MIME specification.

 .''`.      Josselin Mouette
: :' :
`. `'

Reply to: