On Thursday 24 October 2002 14.01, Daniel Naber wrote:
> On Thursday 24 October 2002 08:44, Roger Larsson wrote:
> 
> > * Require approval when starting executables?
> 
> We show a dialog for *any* attachment. I don't know how you can click on an 
> attachment without getting a dialog (except for forwarded mails). Please 
> forward such a message.

Maybe that is the problem. People get used to always click "Open"
that they do not note that a executable is far worse...
 Color it red with a bomb when it is an executable - script, PE or ELF.

But of cause *.pdf was one of the most recent problems...

> 
> > get when opening a .ps ... It should be big and red and not possible to
> > turn of! (use 'file' to check - file extention is not safe)
> 
> Even the warning for *.ps etc cannot be turned off.
> 
> > * Running in chroot jail?
> 
> This is not KMail specific, besides the problem that things might not work 
> in a jail.

Well it kind of KMail specific, since KMail and Konqueror are the most likely
entry point for malicious code/data...

But it could be the right way anyway.
Suppose all attachments are opened in a jail - ultimate distrust of stuff 
received from outside. But then web browsing should be run in that jail 
too... Can konqueror run in a jail.

With this it would be possible to prevent malicious code to read/modify your
private configuration files. It could add itself to Autostart, or hook into
applinks.

/RogerL

-- 
Roger Larsson
Skellefteċ
Sweden

_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail