Expanded registrations for KOffice mime types
Thomas Zander
zander at planescape.com
Fri May 24 17:36:46 BST 2002
On Fri, May 24, 2002 at 12:54:18AM +0200, Marc Mutz wrote:
> On Thursday 23 May 2002 23:42, Nicolas Goutte wrote:
> > "ZIP archives, XML files and supported image files"
> >
> > Do WMF (Windows Meta Files) count as images too? What is the security
> > status of those?
> >
> > As far as I know, KPresenter is prepared to have sound files. This
> > should perhaps be noted too, shouldn't it?
...
> Hmm, of course. There opens a can of worms:
> What about e.g. SVG images with embedded JavaScript? How do you want to
> handle those? Allow it? Ignore the JavaScript? Strip it off before
> including it in the KApp document?
>
> More generally: Is there a KOffice policy regarding external content
> that may have embedded active content? (PostScript is known to be able
> to do nasty things like IIRC accessing the local file system when
> interpreted)
>
> Marc
svg/eps/wml etc are all embedded in the document (but that is optional to
begin with). The document that uses the mime-type is a zip; so basically
you can include any executable/shell script virus in there as you want.
The statement that it does not introduce extra security concerns it therefor
complete.
For the people that are afraid that I am sidestepping the problem with that;
on the question of using any scripts or other possible virii like code in the
archive we keep and always will have the statement that we believe in seperation
of document-data and executable-data. We will never allow something to be
executed when it (or its container) is marked as document data.
Cheers!
--
Thomas Zander zander at planescape.com
We are what we pretend to be
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20020524/2f9a1817/attachment.sig>
More information about the kde-core-devel
mailing list