Bug#408948: Status update

Loïc Minier lool at dooz.org
Tue Feb 13 10:46:28 CET 2007


        Hi,

 Log of an IRC conversation on the status of this bug is attached.  In
 short, it might be easier to workaround this problem at the nautilus
 level, it's way riskier at the gnome-vfs2 level.

 Tentative patch for nautilus which didn't work is attached.

    Bye,
-- 
Loïc Minier <lool at dooz.org>
-------------- next part --------------
10:16 < HE> lool: Hmmm, I don't see a discussion about #408948. Is soemone working on that bug?
10:31 < lool> HE: I tried to, but the gnome-vfs2 side of things seem very risky to change, so I thought I would patch nautilus as a started; I wrote a preliminary patch which didn't work, but this made we wonder about a huge problem of the suggested fix: it might break all files without extensions or which have currently working non-recognized extensions
10:32 < lool> HE: In short, the proposed approach is to check that the data maps to a mime type which is the same than the MIME type of the file extensions
10:32 < lool> HE: But you *must* fail when the extension has no corresponding mime type (such as ".jpg ")
10:33 < lool> HE: But that would break for files named without extension ("foo") or files named with weird extensions which seem logical for the user (foo.text, foo.dissertation, foo.notes, foo.readme, foo.clob)
10:33 < lool> HE: So, when I realized I might be breaking opening of a lot of files, I gave up to think about it a little
10:34 < lool> That, and my tentative patch didn't work :)
10:34 < lool> HE: Both security issues can be handled in the same area of nautilus, and I think this would lower the gnome-vfs side of things
10:35 < lool> HE: Oh, did I mention upstream isn't maintaining gnome-vfs2 anymore?
10:35 < HE> lool: It isn't?
10:35 < HE> lool: I seem to be a bit out of the loop wrt Gnome stuff.
10:35 < HE> lool: Has it shown to be too useful?
10:36 < lool> HE: There was a massive debunk of the POSIX semantics mapping by Alex and he's been working hard on a glib level replacement
10:37 < lool> But obviously, gnome-vfs2 is going to stay for a little while before apps are rewritten; and upstream is probably still taking patches
10:37 < HE> lool: Well, gnome-vfs being gnome-something was always a weirdo idea, but changing that sounds like something you would do when moving to glib3...
10:37 < lool> I doubt they are intereted in adding disruptive security checks like #408948 proposes :-/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nautilus-warn-extension.patch
Type: text/x-diff
Size: 2241 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20070213/2387d486/nautilus-warn-extension-0001.bin


More information about the Pkg-gnome-maintainers mailing list