From kde-core-devel Tue Oct 29 11:16:37 2002 From: David Faure Date: Tue, 29 Oct 2002 11:16:37 +0000 To: kde-core-devel Subject: Re: Werent we talking about trojans on Linux? X-MARC-Message: https://marc.info/?l=kde-core-devel&m=103589031523107 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 29 October 2002 01:40, Ingo Klöcker wrote: > KMail executes the following code when an URL is clicked: > ===== > KMimeType::Ptr mime = KMimeType::findByURL( mUrl ); > if (mime->name() == "application/x-desktop" || > mime->name() == "application/x-executable" || > mime->name() == "application/x-shellscript" ) > { > if (KMessageBox::warningYesNo( 0, i18n( "Do you really want to > execute" > " '%1'? " ).arg( mUrl.prettyURL() ) ) != KMessageBox::Yes) > return; > } > (void) new KRun( mUrl ); > ===== I suggest adding a test for application/x-msdos-program > As you can see we already ask when the user clicked on some programs. We > should probably change this blacklist to a whitelist, i.e. instead of > showing the warning for files with a few given insecure mime-types we > should show the warning for all files except those with a secure > mime-type. As text/html is also insecure (because it might contain > malicious Java, JavaScript, Plugins, etc.) we would have to show this > warning each time a user clicks on a simple HTML link in an email. Is > it really worth annoying the user with this warning just because 1 in > 1.000.000 HTML pages contains malicious code? Should we add a don't > show again checkbox? If yes, then why show the warning at all when the > user can turn it off. The don't show again config entry should depend > on the mime-type so that the user can decide for each mime-type > separately whether he wants to be warned in the future or not. Hmm? Does Konqueror/KHTML warn about pages containing Java/Javascript/Plugins? I'm not aware of "malicious" code using those (except java applets for which the user grants permission, so that's covered too). I don't see the problem here. > BTW, currently we only get the mimetype by URL which means anyone could > sell us an executable as JPEG image with name bomb.jpg. KRun would > realise that this isn't a JPEG image and would then probably run > bomb.jpg. Wrong. KRun uses KMimeType too, and would launch an image viewer for bomb.jpg. The image viewer would display crap, that's all that would happen. (Note: I'm talking about local files here. KRun works differently for remote files, but that's not a concern for KMail attachments, they are always local). > As you can see protection has to be built into KRun and not > into KMail so that KRun can be configured to only executes > trusted/secure/whatever files. Possibly, but not from the arguments above. > Done. It can't really be fixed in KMail since KMail doesn't know the > real mimetype of the file a link points to but only the mimetype which > the filename indicates (which is in general completely bogus in case of > virusses). KRun or a subclass of KRun, e. g. KRunSecure, has to be > secured against running potentially dangerous programs without warning > the user. KRun does its job, it runs the thing. I believe high-level warnings have to be done in the application itself - e.g. kmail, and konqueror. Only kmail knows that the thing to run is "insecure" (because it comes from a mail). If I have a local .exe and I click on it, I don't want a KRun warning "hey this file might contain a virus". Ok, it might, but so do linux binaries, and you don't have to confirm you really want to run "ls" everytime you type "ls", right? - -- David FAURE, david@mandrakesoft.com, faure@kde.org http://people.mandrakesoft.com/~david/ Contributing to: http://www.konqueror.org/, http://www.koffice.org/ Get the latest KOffice - http://download.kde.org/stable/koffice-1.2/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE9vm4V72KcVAmwbhARAlOwAJ94J45SQcpXFQ4lw+sV8xTBK27lxACcCauN 9lU9nBfGbLE/8WCa7OXp0Hc= =wROt -----END PGP SIGNATURE-----