Expanded registrations for KOffice mime types

Nicolas Goutte nicog at snafu.de
Fri May 24 21:49:30 BST 2002 

On Friday 24 May 2002 00:54, Marc Mutz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thursday 23 May 2002 23:42, Nicolas Goutte wrote:
> > I am sorry to be picky again!
>
> You're welcome... ;-)
>
> > "ZIP archives, XML files and supported image files"
> >
> > Do WMF (Windows Meta Files) count as images too? What is the security
> > status of those?
> >
> > As far as I know, KPresenter is prepared to have sound files. This
> > should perhaps be noted too, shouldn't it?
>
> <snip>
>
> > On Thursday 23 May 2002 21:36, Marc Mutz wrote:
> > (...)
> >
> > >         As of this writing, KWord documents do not contain any
> > > active content. As such, it is believed that usage of this mimetype
> > > does not introduce security concerns other than those already
> > > inherent in ZIP archives, XML files and supported image files.
> >
> > (...)

A forenote: I am talking about KWord and KPresenter, as unfortunately I do not 
know the other programs enough to comment on them.

>
> Hmm, of course. There opens a can of worms:
> What about e.g. SVG images with embedded JavaScript? How do you want to
> handle those? Allow it? Ignore the JavaScript? Strip it off before
> including it in the KApp document?

SVG in KWord/KPresenter is handled by QT, so I do not think that it can do 
Javascript or any other script. And even if we would switch to more powerful 
SVG classes (KSVG?) in the future, I suppose that the no-script policy of 
KOffice will prevail. (For example: KWord's HTML import filter disables 
JavaScript.)

However, the SVG file is not censored in any way before being stored in the 
ZIP file. In the past, the SVG was loaded in a QPicture and saved again from 
this QPicture. However, this decreased the quality of SVG files, therefore 
this way was abandonned. Now, we do not modify the file anymore. Please note 
that we had the same quality problem with JPEG and EPS. In a lesser extend, 
PNG and WMF were affected too.

>
> More generally: Is there a KOffice policy regarding external content
> that may have embedded active content? (PostScript is known to be able
> to do nasty things like IIRC accessing the local file system when
> interpreted)

As far as I know, the no-script policy of KOffice means that we do not rely on 
any script in a document. However, EPS is perhaps a border case. 

In KWord and KPresenter, EPS is currently read by kimgio to produce an image 
out of it. I do not know what any evil code could do here, as I do not know 
the code of kimgio and I do not know how to do nasty stuff with Postscript.

The printing of EPS is currently done by only printing its image. However this 
is considered to be a bug by many users, as they want a real PostScript 
output. Therefore this will probably be changed in future KOffice versions. I 
have no idea about any potential security issue in that case.

>
> Marc

Have a nice day/evening/night!

>
> - --
> Marc Mutz <mutz at kde.org>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (GNU/Linux)
>
> iD8DBQE87XMa3oWD+L2/6DgRAinXAKD3iYIVUGKHFbxZsn3nSH+gSnr3SACg1euK
> TDMzdfC4eUjt8Nf/KBPlgnc=
> =j6j4
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> koffice-devel mailing list
> koffice-devel at mail.kde.org
> http://mail.kde.org/mailman/listinfo/koffice-devel

More information about the kde-core-devel mailing list