oss-sec mailing list archives

Re: On the issue of MIME handlers that execute arbitrary code (e.g. Wine)


From: Gabriel Corona <gabriel.corona () free fr>
Date: Wed, 20 May 2026 21:18:43 +0200

> Sandboxes should only allow an allowlist of file types and make everything
> else fall back to a safe default.  This could be a simple text editor
> (no IDE support!) for text files, and a hex editor (or an error) for
> binary files.

That sounds extremely inconvenient. Running an email client in a sandbox? It can't open a PDF or a JPEG (or worse, you'll get a hex editor) ...

If the sandboxed application is badly integrated and can't open files and URIs, the user (me included) will prefer using the non-sandboxed version in order to get things done (or will prefer using a more user-friendly OS). This would defeat the purpose of having sandboxed applications.

Gabriel
