* Sandro Tosi <mo...@debian.org> [090801 17:55]:
> [ making sensible-browser a symlink to xdg-open]
> Honestly, I don't that problem (but it won't surprise anyone if I'm
> wrong) because it's something similar to double-click on a
> malicious/dangerous executable in a file manager, hence why I wanted
> to bring this to a wide audience.

Please consider the following cases, which are usually considered security bugs:

- some commercial mail program (you may guess one time which company wrote it) automatically played audio files attached to an email when opening it. To determine it is an audio file it looked at the mime type; to play it the usual generic file opening code is used. You may guess one time what happens if such a file is called "virus.exe".

- The browser links (or one of its many derivatives) has a list of external programs for the different file types. When it is about to start an external program it shows what file and which content type (and I think which program) it is about to start. Sadly that default was for images not 'see image/png:%' and so on, but only 'see %'. As wine was registering itself as program to open windows executables with, people suddenly got wine starting up when they thought they had only authorized starting an image.

Even in the case of the file manager quoted above, I consider any program just calling xdg-open[2] with it as very likely a security problem. While users should not click on arbitrary stuff, they are usually shown a file-type of what they click on: some text in the mail program's attachment list, an icon in a file manager and so on. Thus causing it to start something else[1] is not the fault of the user, but that of the program.

The possible problem with changing sensible-browser I see: Currently sensible-browser is opening a browser. All browsers I have yet met only show html (with enough ugly things like javascript and plugins, but only what you also expose when surfing the net) or ask before starting another program (or were told to never ask again). Thus it is quite thinkable that some program has some file downloaded it thinks is html and gives this file to s-b, which would not be a problem now, but with xdg-open it likely could be.

Respectfully,
	Bernhard R. Link

[1] one could argue no such list should contain possibly harmful things, but especially with interpreters it is hard to be sure there is none left.
[2] without giving the mime-type as some option I do not know xdg-open has got yet...
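The risk described in the mail (a caller assumes a file is HTML, but a MIME-dispatching opener decides for itself) can be reduced by a front end that checks the file's content before handing it on. The script below is an added example, not code from the thread or from Debian's sensible-browser; it assumes a BROWSER_CMD placeholder and uses simple magic-byte checks rather than the full shared-mime-info database.

```shell
#!/bin/sh
# Added example (not part of the original thread): a guarded front end that
# refuses to pass a file to the browser unless its *content* looks like HTML.
# BROWSER_CMD is an assumed placeholder for the real browser command.
BROWSER_CMD="${BROWSER_CMD:-echo would-open}"

# First four bytes of the file as lowercase hex, e.g. 7f454c46 for ELF.
magic_hex() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Classify by content only, never by the name the caller gave the file:
# prints "html", "executable" or "unknown".
classify_file() {
    m=$(magic_hex "$1")
    case "$m" in
        7f454c46) echo executable; return ;;   # ELF binary
        4d5a*)    echo executable; return ;;   # "MZ": DOS/Windows PE
        2321*)    echo executable; return ;;   # "#!": interpreter script
    esac
    # Look for an HTML marker in the first 512 bytes, case-insensitively.
    head_text=$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000' | tr 'A-Z' 'a-z')
    case "$head_text" in
        *"<!doctype html"*|*"<html"*) echo html ;;
        *) echo unknown ;;
    esac
}

# Open only when the content is HTML; otherwise refuse (exit status 1)
# and explain on stderr, instead of letting a generic opener pick a handler.
guarded_browse() {
    kind=$(classify_file "$1")
    if [ "$kind" = html ]; then
        $BROWSER_CMD "$1"
    else
        echo "refusing to open '$1': content looks like $kind, not HTML" >&2
        return 1
    fi
}
```

A misnamed "page.html" whose bytes are a PE executable is refused, while a real HTML page is passed on.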