On Tuesday 29 October 2002 12:16, David Faure wrote:
> On Tuesday 29 October 2002 01:40, Ingo Klöcker wrote:
> > KMail executes the following code when a URL is clicked:
> > =====
> > KMimeType::Ptr mime = KMimeType::findByURL( mUrl );
> > if (mime->name() == "application/x-desktop" ||
> >     mime->name() == "application/x-executable" ||
> >     mime->name() == "application/x-shellscript" )
> > {
> >   if (KMessageBox::warningYesNo( 0, i18n( "Do you really want to execute"
> >       " '%1'? " ).arg( mUrl.prettyURL() ) ) != KMessageBox::Yes)
> >     return;
> > }
> > (void) new KRun( mUrl );
> > =====
> > I suggest adding a test for application/x-msdos-program

And probably also x-msdos-screensaver and x-msdos-pif and x-msdos-vbs
and ... text/ghostscript (because of the security bug in kghostview)
and .... As you can see a black list won't help us since something will
always be missing from this list. OTOH text/ghostscript would for sure be
on the white list.

[snip]

> Hmm? Does Konqueror/KHTML warn about pages containing
> Java/Javascript/Plugins? I'm not aware of "malicious" code using
> those (except java applets for which the user grants permission, so
> that's covered too). I don't see the problem here.

What if the user binds HTML to "wine ie.exe"? ;-)

> > BTW, currently we only get the mimetype by URL which means anyone
> > could sell us an executable as JPEG image with name bomb.jpg. KRun
> > would realise that this isn't a JPEG image and would then probably
> > run bomb.jpg.
>
> Wrong. KRun uses KMimeType too, and would launch an image viewer for
> bomb.jpg. The image viewer would display crap, that's all that would
> happen. (Note: I'm talking about local files here. KRun works
> differently for remote files, but that's not a concern for KMail
> attachments, they are always local).

This complaint was about URLs in email messages and not about
attachments.

> > Done. It can't really be fixed in KMail since KMail doesn't know
> > the real mimetype of the file a link points to but only the
> > mimetype which the filename indicates (which is in general
> > completely bogus in case of viruses). KRun or a subclass of KRun,
> > e. g. KRunSecure, has to be secured against running potentially
> > dangerous programs without warning the user.
>
> KRun does its job, it runs the thing. I believe high-level warnings
> have to be done in the application itself - e.g. kmail, and
> konqueror. Only kmail knows that the thing to run is "insecure"
> (because it comes from a mail). If I have a local .exe and I click on
> it, I don't want a KRun warning "hey this file might contain a
> virus". Ok, it might, but so do linux binaries, and you don't have to
> confirm you really want to run "ls" every time you type "ls", right?

Yes. It's very hard to decide whether a warning should be shown or not.
I guess I will add mimetype dependent warnings which can be disabled
for each mimetype separately. This way the users can decide for
themselves for which mimetypes they want to get a warning and for which
they don't want to be warned. For some mimetypes disabling the warning
should probably not be possible though.

Regards,
Ingo
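An added illustration of the two points argued in this thread (it is not KMail's or KRun's code): an allow-list of types that open silently instead of a deny-list that will always miss something, per-mimetype warnings that the user may switch off except for executable types, and a content sniff so that a renamed executable such as "bomb.jpg" is not trusted on the strength of its filename. The extension table and magic numbers are constructed for the example.

```cpp
// Added example, not KDE code: allow-list based warning policy for files
// linked from a mail, with a content check beside the filename-based one.
#include <map>
#include <set>
#include <string>

// Mimetype guessed from the filename only, as KMimeType::findByURL does.
std::string mimeByName(const std::string &name) {
    static const std::map<std::string, std::string> byExt = {
        {".jpg", "image/jpeg"}, {".txt", "text/plain"},
        {".sh", "application/x-shellscript"},
        {".exe", "application/x-msdos-program"},
        {".ps", "text/ghostscript"}};
    auto dot = name.rfind('.');
    if (dot == std::string::npos) return "application/octet-stream";
    auto it = byExt.find(name.substr(dot));
    return it == byExt.end() ? "application/octet-stream" : it->second;
}

// Mimetype from the leading bytes of the file (magic numbers).
std::string mimeByContent(const std::string &data) {
    if (data.rfind("\x7f" "ELF", 0) == 0) return "application/x-executable";
    if (data.rfind("MZ", 0) == 0) return "application/x-msdos-program";
    if (data.rfind("#!", 0) == 0) return "application/x-shellscript";
    if (data.rfind("\xff\xd8\xff", 0) == 0) return "image/jpeg";
    return "application/octet-stream";
}

// Policy: only an explicit allow-list opens silently; executable types
// always warn and that cannot be disabled; every other type warns unless
// the user turned the warning off for that particular mimetype.
bool needsWarning(const std::string &name, const std::string &data,
                  const std::set<std::string> &disabledByUser) {
    static const std::set<std::string> silent = {"image/jpeg", "text/plain"};
    static const std::set<std::string> alwaysWarn = {
        "application/x-executable", "application/x-msdos-program",
        "application/x-shellscript", "application/x-desktop"};
    std::string byName = mimeByName(name), byContent = mimeByContent(data);
    // Name and content disagreeing is itself suspicious: always warn.
    if (byContent != "application/octet-stream" && byContent != byName)
        return true;
    if (alwaysWarn.count(byName)) return true;
    if (silent.count(byName)) return false;
    return disabledByUser.count(byName) == 0;
}
```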