[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    Re: Werent we talking about trojans on Linux?
From:       Marc Mutz <Marc.Mutz () uni-bielefeld ! de>
Date:       2002-10-28 23:46:38
[Download RAW message or body]

On Tuesday 29 October 2002 00:34, Karl-Heinz Zimmer wrote:
> On Tuesday 29 October 2002 00:26, Karl-Heinz Zimmer wrote:
> > On Tuesday 29 October 2002 00:05, Rinse de Vries wrote:
> > > Hi,
> > >
> > > just received a mail  l in kde-i18n-doc with the following link:
>
> http://www.dilbert.com/comics/dilbert/desktop_diversions/images/dilbe
>rt_screensaver.zip
>
> > > When pressing this link, KMail automagicly opens 'ark' and starts
> > > downloading the compressed file, without any warning...

Same as with Konq. What do you want? Of course it's unbearable if KDE 
starts a freshly downloaded .exe in wine (or a .py in python for that 
matter), but then again _you_ told it to. It's not the default and not 
an option in the KDE.org KDE install to have executable mimetypes bound 
to a "viewer". It's either your distro that installs such freaky stuff 
(in which case you should consider changing to another distribution) or 
you yourself.

Of course, you could argue that it shouldn't be possible to assign 
"viewers" to executables. But where do you draw the line? PDF is 
clearly an executable, as is HTML w/ javascript, yet you want viewers 
for them.

> Ahem, it is night here and my brain will fall asleep soon: forget it,
> what happens when you click on this link is NOT controlled by KMail
> but by the viewer itself.
>
> So the big question is: Why the hell does the viewer start a download
> if it is not an image that's downloaded?
>
> IM(not so)HO this _is_ a security issue and must be investigated!
>
> I would even like to propose to find out about that _before_
> releasing 3.1!
<snip>

IMO, that's a social problem, not a technical one. People who assign 
wine to .exe files deserve it.

Marc

-- 
"You're hackers, aren't you," the barman said, eyeing us. No one said
a thing. The darkness of the Eurotunnel rolled by. Apparently we'd
given ourselves away by talking too enthusiastically about IPv6. He
looked around conspiratorially, lowered his voice. "Can you get me
some credit card numbers?"
      -- James J. King "What's the shortest way to hack a Linux box?"
         Telepolis 2001/08/11 (#9293)

[Attachment #3 (application/pgp-signature)]
_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic