Mozilla can't save files to disk; only users can do that
using Mozilla as a tool.

That's splitting hairs. :-) Such files are not to be trusted /de facto/, because we can assume the user has not audited them.

No it's not. To extend your Word analogy elsewhere, Mozilla users can save .doc files to local disk, and such documents are not audited either. So by the inverse of your argument .doc files saved to disk are /de facto/ considered trustworthy according to Mozilla.

With MOTW in place, Mozilla and Firefox trust Word documents
more than it trusts web documents, passing them through the
file-save cycle without modification. That is silly.

That would be perverse. How does a user saving a file make it any more safe?

It's just an exercise in logical thinking 101, not an engineering proposal. Think about a shared fileserver. You don't delete fred's files because fred put them there. You do open fred's .doc files because you trust fred.

Content on the local disk is (or is supposed to be) from a known source (your OS vendor, your own creations, your digital camera). Content on the web could have been written by anyone with any motives. Clearly it's a more hostile place!

This thread's about a model that supports users _and_ web developers. Web development, which uses the local disk, is a highly unreliable activity, where every iteration of the work is filled with bugs (as for any software development). The "source" may produce reliable pages in the end, but most of the time they're in disarray.

I don't buy that "local sources" are more reliable in
that case.

Also, your mindset is entirely negative.
Who brainwashed you into thinking that the 0.01% of
the content-providing Web citizens that are criminals
are more important than the 99.99% that are perfectly
reasonable? Media hype?

There's no reason to mark 100% of saved web pages unsafe
because 0.01% might actually be so. That's overkill.
Better to leave web pages as the entirely credible documents
that they mostly are, and include some checks to make
sure that no rare-case funny-business is going on.

Although the US lags, both Britain and Australia recently
reported that the number of national villains on the web
and using email had dropped significantly - in fact to an
estimated zero in the case of AU. That is further evidence
that the web is gaining in trust.

What program or person would do so, and why? Who would want to change a file on disk to have _less_ privileges than would otherwise be the case?

The thing is that the MOTW is a credential. All kinds of systems can be hung off of a credential, not just those that originate it. A speculative example: MSN Search might perform better than Google Desktop Search if it used the MOTW as a signal to search the matching original website as well as the local disk page. So Google Search adds that MOTW support in order to compete. Suddenly, your searches don't perform unless the mark is in place. So tools vendors add it. So web developers put it in. So it's used in live pages as well as locally saved ones.

The bottom line is still this: don't denigrate the value of web
pages and the web with a negative mark. Uphold web pages as
valuable documents. They are good the way they are and need
no modification. A few special checks and an occasional warning
is enough.

- N.
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security