|
[openbeos]
||
[Date Prev]
[01-2005 Date Index]
[Date Next]
||
[Thread Prev]
[01-2005 Thread Index]
[Thread Next]
[openbeos] Re: kernel mime_table module
- From: "Axel Dörfler" <axeld@xxxxxxxxxxxxxxxx>
- To: openbeos@xxxxxxxxxxxxx
- Date: Mon, 10 Jan 2005 17:17:03 +0100 CET
"David McPaul" <dmcpaul@xxxxxxxxxxxxxx> wrote:
> > Shouldn't it go the other way around? Ie. test the name first, and
> > then look for the contents?
> The trouble with testing the name (usually just the extention) is
> that
> you run the risk of files being disguised. Extensions are all well
> and
> good as long as they can be trusted. As any windows user can tell
> you,
> extensions cannot be trusted.
Which is not a huge problem, and can be ignored for the non-malicious
case. If the user needs those file systems, then it is his
responsibility to make sure the extensions are correct.
> I would ask the question, Can we guarantee that an executable file
> ending in .AVI will never get executed by the OS.
>
> This is particularly important if we guess first from the extension
> then get it right from the contents which may involve a delay where
> the
> user can be fooled into running it.
>
> User sees AVI extension and ICON says its a movie. Goes to double
> click, OS finishes sniffing file and changes icon to
> executable.......
That's not how I anticipated it - files where the extension is
recognized wouldn't be scanned at all again. The system would accept
the file system deficiency and make the best of it.
Only the contents of files that weren't recognized by extension would
be scanned later and asyncronously. So in any case, the user wouldn't
be fooled into executing such a file.
Bye,
Axel.
|
|
