Nigel McFarlane wrote:
Surely files Mozilla has saved to disk are the ones _not_ to be trusted, because they came from
the web rather than being locally authored?

Mozilla can't save files to disk; only users can do that
using Mozilla as a tool.

That's splitting hairs. :-) Such files are not to be trusted /de facto/, because we can assume the user has not audited them.


I'm not recommending it, but you
can imagine a browser that records all files saved to
local disk, and allows those files to be reloaded on the
assumption that they're "safer" (since they're blessed by
the user).

That would be perverse, given the way files are currently saved. How does a user saving a file make it any more safe?


In general, I don't see why Mozilla should deem the
Web to be a more hostile place than local disk. They
merely have different risk profiles, to be handled differently.

Content on the local disk is (or is supposed to be) from a known source (your OS vendor, your own creations, your digital camera). Content on the web could have been written by anyone with any motives. Clearly it's a more hostile place!


I've said marking the web as unsafe is suicidal technology
politics, and I'm happy to iterate for cross-examination
that view somewhere else where it's on-topic.

Thanks for doing so - I've commented in that thread.

Because the Mozilla-generated credential in roc's scenario
(an HTML comment) is easily forged (it's trivially encrypted).

What program or person would do so, and why? Who would want to change a file on disk to have _less_ privileges than would otherwise be the case?


The format is standard enough that a quick regexp check can tell you if there's one in a page you are saving, and you can remove it.

It's the user that needs security, not the files. Mozilla
currently allows you to save your downloaded .exe in the
StartUp folder on Windows, for example (he says without testing).
Or you can save a file as C:\autoexec.bat. Where's the
"extra security" in that?

But we don't default to saving files in either location. I hope.

By anyone with access to the desktop or command line; the
user.

That's fine. If a user opens a Word file and randomly twiddles bits, it may break, or he may disable the macro virus protection. If a user opens an HTML file and randomly twiddles bits, it may break, or he may disable the malicious JS protection.


Again, I'm confused here. The MOTW is, as I understand it, used to apply security restrictions to the page (e.g. so it can't read from local disk). Why would an IDE ever want to put one in? And, if it did, what's the security problem with the page having less abilities than it otherwise would?

"Put a doctor in a leper colony, and all you get is another leper" (with apologies to those with Hodgkin's disease). Neither you nor I can rely on all the IDEs, servers, browsers and misguided Visual Basic programmers out there to use the mark of the web correctly.

Say all HTML editors put a bogus randomly-generated MOTW in all their files. Where's the security risk?


Gerv
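As an added illustration of the point made in this thread that the mark of the web (MOTW) is an HTML comment anyone can write or check with a regexp, the script below is example code that is not part of this email or of Mozilla's code. It assumes the Internet Explorer MOTW format `<!-- saved from url=(NNNN)URL -->`, where NNNN is the zero-padded decimal length of the URL; the sample pages are constructed. It detects the comment, checks that the length field is consistent with the URL (the only "integrity" the comment carries), and shows that producing one is a single string format.

```python
import re

# Assumed MOTW format (Internet Explorer style), e.g.
#   <!-- saved from url=(0022)http://www.example.com/ -->
# The 4-digit field is the decimal length of the URL that follows it.
MOTW_RE = re.compile(r"<!--\s*saved from url=\((\d{4})\)(\S+?)\s*-->")


def make_motw(url: str) -> str:
    """Generate a MOTW comment for a URL: any editor or script can do this."""
    return f"<!-- saved from url=({len(url):04d}){url} -->"


def find_motw(html: str):
    """Return (url, length_consistent) for the first MOTW in html, or None.

    length_consistent is False when the declared length does not match the
    URL, which is a cheap sign that the comment was edited by hand or by a
    tool that did not follow the format.
    """
    m = MOTW_RE.search(html)
    if not m:
        return None
    declared, url = int(m.group(1)), m.group(2)
    return url, declared == len(url)


def strip_motw(html: str) -> str:
    """Remove the first MOTW comment, as the thread notes a user can do."""
    return MOTW_RE.sub("", html, count=1)


# Constructed sample pages (not real saved files).
SAVED = "<!DOCTYPE html>\n" + make_motw("http://www.example.com/") + "\n<html></html>"
FORGED = "<!-- saved from url=(0005)http://www.example.com/ --><html></html>"
LOCAL = "<html><body>locally authored, no mark</body></html>"

if __name__ == "__main__":
    for name, page in (("saved", SAVED), ("forged", FORGED), ("local", LOCAL)):
        print(name, find_motw(page))
    print(repr(strip_motw(SAVED)))
```

The length check only catches careless edits; a consistent comment proves nothing about where the file came from, which is the thread's point about relying on the mark as a credential.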
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
