Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine)

[gabriel.corona () free fr]

> I wonder if it would be worth proposing a change to whatever system
> component handles opening files (probably something in Glib, or
> xdg-utils, haven't researched that deeply yet), so that handlers cannot
> be registered for certain "dangerous" file types (i.e. ELF/PE/Mach-O
> executables, scripts in various languages, etc.)? The only real
> downside I can see to that is the inability to text editors to
> register themselves as handlers for script MIME types, and in those
> instances, the editor can register itself as the handler for another
> applicable, more generic MIME type (i.e. text/plain), then change its
> behavior based on the more detailed MIME type of the file after it
> opens it.

Applications which actually want to associate file with arbitrary code 
execution
(or other potentially malicious actions), can register a wrapper :

Exec=wine-prompt %F
# Alternatively: Exec=wine --prompt-user %F

This wrapper can warn of the security implications and ask for 
confirmation,
similar to how most file manager now ask for confirmation before 
executing
a native executable or a .desktop file.

The .desktop format could be extended with an additional entry such as:

#  bike-shed name:
Unsafe-Exec=wine %F

A caller not implementing this extension, would ignore this line and 
call the
prompt wrapper.

A caller implementing this extension, could ask for confirmation itself
and then call the unsafe command.

Gabriel