Weren't we talking about trojans on Linux?

Ingo Klöcker kloecker at kde.org
Wed Oct 30 00:23:10 GMT 2002



On Tuesday 29 October 2002 12:16, David Faure wrote:
> On Tuesday 29 October 2002 01:40, Ingo Klöcker wrote:
> > KMail executes the following code when an URL is clicked:
> > =====
> >     KMimeType::Ptr mime = KMimeType::findByURL( mUrl );
> >     if (mime->name() == "application/x-desktop" ||
> >         mime->name() == "application/x-executable" ||
> >         mime->name() == "application/x-shellscript" )
> >     {
> >       if (KMessageBox::warningYesNo( 0, i18n( "Do you really want to execute"
> >         " '%1'? " ).arg( mUrl.prettyURL() ) ) != KMessageBox::Yes)
> >         return;
> >     }
> >     (void) new KRun( mUrl );
> > =====
>
> I suggest adding a test for application/x-msdos-program

And probably also x-msdos-screensaver and x-msdos-pif and x-msdos-vbs 
and ... text/ghostscript (because of the security bug in kghostview) 
and ....
As you can see, a black list won't help us, since something will always be 
missing from this list. OTOH, text/ghostscript would for sure be on the 
white list.


[snip]
> Hmm? Does Konqueror/KHTML warn about pages containing
> Java/Javascript/Plugins? I'm not aware of "malicious" code using
> those (except java applets for which the user grants permission, so
> that's covered too). I don't see the problem here.

What if the user binds HTML to "wine ie.exe"? ;-)


> > BTW, currently we only get the mimetype by URL which means anyone
> > could sell us an executable as JPEG image with name bomb.jpg. KRun
> > would realise that this isn't a JPEG image and would then probably
> > run bomb.jpg.
>
> Wrong. KRun uses KMimeType too, and would launch an image viewer for
> bomb.jpg. The image viewer would display crap, that's all that would
> happen. (Note: I'm talking about local files here. KRun works
> differently for remote files, but that's not a concern for KMail
> attachments, they are always local).

This complaint was about URLs in email messages and not about 
attachments.


> > Done. It can't really be fixed in KMail since KMail doesn't know
> > the real mimetype of the file a link points to but only the
> > mimetype which the filename indicates (which is in general
> > completely bogus in case of viruses). KRun or a subclass of KRun,
> > e. g. KRunSecure, has to be secured against running potentially
> > dangerous programs without warning the user.
>
> KRun does its job, it runs the thing. I believe high-level warnings
> have to be done in the application itself - e.g. kmail, and
> konqueror. Only kmail knows that the thing to run is "insecure"
> (because it comes from a mail). If I have a local .exe and I click on
> it, I don't want a KRun warning "hey this file might contain a
> virus". Ok, it might, but so do linux binaries, and you don't have to
> confirm you really want to run "ls" every time you type "ls", right?

Yes. It's very hard to decide whether a warning should be shown or not. 
I guess I will add mimetype-dependent warnings which can be disabled 
for each mimetype separately. This way the users can decide for 
themselves for which mimetypes they want to get a warning and for which 
they don't want to be warned. For some mimetypes disabling the warning 
should probably not be possible though.

Regards,
Ingo

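An added example (not KMail or KDE code) contrasting the blacklist check in the quoted snippet with the white-list-plus-per-mimetype-warning policy discussed in the thread, and showing why a name-based mimetype lookup alone is not enough. The helpers mimeByName and mimeByContent are hypothetical stand-ins for KMimeType::findByURL and a content-based lookup; the tables and the "safe"/"locked" sets are constructed for illustration.

```cpp
#include <map>
#include <set>
#include <string>

// Hypothetical: extension-only lookup, like KMimeType::findByURL on a name.
std::string mimeByName(const std::string& name) {
    auto dot = name.rfind('.');
    std::string ext = dot == std::string::npos ? "" : name.substr(dot + 1);
    static const std::map<std::string, std::string> table = {
        {"jpg", "image/jpeg"}, {"exe", "application/x-msdos-program"},
        {"sh", "application/x-shellscript"}, {"ps", "text/ghostscript"}};
    auto it = table.find(ext);
    return it == table.end() ? "application/octet-stream" : it->second;
}

// Hypothetical: sniff a few magic bytes, ignoring the file name entirely.
std::string mimeByContent(const std::string& bytes) {
    if (bytes.compare(0, 4, "\x7f" "ELF") == 0) return "application/x-executable";
    if (bytes.compare(0, 2, "MZ") == 0) return "application/x-msdos-program";
    if (bytes.compare(0, 2, "#!") == 0) return "application/x-shellscript";
    if (bytes.compare(0, 3, "\xff\xd8\xff") == 0) return "image/jpeg";
    return "application/octet-stream";
}

// The black list from the quoted KMail code: anything not listed runs silently.
bool blacklistWarns(const std::string& mime) {
    return mime == "application/x-desktop" || mime == "application/x-executable"
        || mime == "application/x-shellscript";
}

// White-list policy: warn unless the type is known safe. Some types always
// warn; the rest may have their warning disabled per mimetype by the user.
enum class Warn { Never, Configurable, Always };
Warn policyFor(const std::string& mime) {
    static const std::set<std::string> safe = {"image/jpeg", "text/plain"};
    static const std::set<std::string> locked = {"application/x-executable",
        "application/x-msdos-program", "application/x-shellscript"};
    if (safe.count(mime)) return Warn::Never;
    return locked.count(mime) ? Warn::Always : Warn::Configurable;
}

bool whitelistWarns(const std::string& mime,
                    const std::set<std::string>& disabledByUser) {
    Warn w = policyFor(mime);
    if (w == Warn::Never) return false;
    if (w == Warn::Always) return true;
    return !disabledByUser.count(mime);
}
```

The name-based lookup reports bomb.jpg as image/jpeg even when its content is an ELF binary, and the black list passes setup.exe (application/x-msdos-program) without any prompt; the white-list policy warns for both.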





More information about the kde-core-devel mailing list