Werent we talking about trojans on Linux?

Tue Oct 29 11:16:37 GMT 2002

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 29 October 2002 01:40, Ingo Klöcker wrote:
> KMail executes the following code when an URL is clicked:
> =====
>     KMimeType::Ptr mime = KMimeType::findByURL( mUrl );
>     if (mime->name() == "application/x-desktop" ||
>         mime->name() == "application/x-executable" ||
>         mime->name() == "application/x-shellscript" )
>     {
>       if (KMessageBox::warningYesNo( 0, i18n( "Do you really want to
> execute"
>         " '%1'? " ).arg( mUrl.prettyURL() ) ) != KMessageBox::Yes)
> return;
>     }
>     (void) new KRun( mUrl );
> =====

I suggest adding a test for application/x-msdos-program

> As you can see we already ask when the user clicked on some programs. We
> should probably change this blacklist to a whitelist, i.e. instead of
> showing the warning for files with a few given insecure mime-types we
> should show the warning for all files except those with a secure
> mime-type. As text/html is also insecure (because it might contain
> malicious Java, JavaScript, Plugins, etc.) we would have to show this
> warning each time a user clicks on a simple HTML link in an email. Is
> it really worth annoying the user with this warning just because 1 in
> 1.000.000 HTML pages contains malicious code? Should we add a don't
> show again checkbox? If yes, then why show the warning at all when the
> user can turn it off. The don't show again config entry should depend
> on the mime-type so that the user can decide for each mime-type
> separately whether he wants to be warned in the future or not.

Hmm? Does Konqueror/KHTML warn about pages containing Java/Javascript/Plugins?
I'm not aware of "malicious" code using those (except java applets for which the
user grants permission, so that's covered too). I don't see the problem here.

> BTW, currently we only get the mimetype by URL which means anyone could
> sell us an executable as JPEG image with name bomb.jpg. KRun would
> realise that this isn't a JPEG image and would then probably run
> bomb.jpg.

Wrong. KRun uses KMimeType too, and would launch an image viewer for bomb.jpg.
The image viewer would display crap, that's all that would happen.
(Note: I'm talking about local files here. KRun works differently for remote files,
but that's not a concern for KMail attachments, they are always local).

> As you can see protection has to be built into KRun and not
> into KMail so that KRun can be configured to only executes
> trusted/secure/whatever files.

Possibly, but not from the arguments above.

> Done. It can't really be fixed in KMail since KMail doesn't know the
> real mimetype of the file a link points to but only the mimetype which
> the filename indicates (which is in general completely bogus in case of
> virusses). KRun or a subclass of KRun, e. g. KRunSecure, has to be
> secured against running potentially dangerous programs without warning
> the user.

KRun does its job, it runs the thing. I believe high-level warnings have to be
done in the application itself - e.g. kmail, and konqueror. Only kmail knows that
the thing to run is "insecure" (because it comes from a mail). If I have a local
.exe and I click on it, I don't want a KRun warning "hey this file might contain
a virus". Ok, it might, but so do linux binaries, and you don't have to confirm you
really want to run "ls" everytime you type "ls", right?

- -- 
David FAURE, david at mandrakesoft.com, faure at kde.org
http://people.mandrakesoft.com/~david/
Contributing to: http://www.konqueror.org/, http://www.koffice.org/
Get the latest KOffice - http://download.kde.org/stable/koffice-1.2/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9vm4V72KcVAmwbhARAlOwAJ94J45SQcpXFQ4lw+sV8xTBK27lxACcCauN
9lU9nBfGbLE/8WCa7OXp0Hc=
=wROt
-----END PGP SIGNATURE-----