[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Tuesday 14 March 2006 2:48 pm, John Botwright wrote: > On Tue, Mar 14, 2006 at 10:36:48AM +0000, Neil Williams wrote: > > Sure, this can be turned > > off, but why is it on by default? If it's a default for Explorer > > windows, why > > is that inherited in the email client? (Duh! because some dunce > > thought it > > would be good for email to be processed by the same libraries as > > Explorer!) > > ??? But isn't that the whole point of using libraries ??? To me that > seems like saying that mozilla shouldn't use the glibc library because > it has functions for manipulating files in it?!! No, I know full well why and how libraries should be used. Windows doesn't call libraries using the normal API, things like OE use internal calls that are outside what you'd normally consider the public API. Mozilla uses glibc because it sticks to the API. OE mangles the whole thing. OE passes the entire process to the library, via private calls, instead of doing some work itself and using the library as it should. i.e. it expects Explorer to handle the email in totality instead of deciding which parts should go to the HTML rendering and which parts should not. > > The principle reason is that if you send a .pif, .scr, .exe, .bat etc. to > > a Windows user, when they "open" the attachment it doesn't open in a text > > viewer, it EXECUTES. > > This is what should happen because we usually want our client to perform > the immediately obvious action for random files .foo, .bar and .baz ?? What ?? The immediately obvious action is to VIEW the contents, NOT EXECUTE! You're talking below about mutt and images, that's VIEWING. There is an immense difference between VIEWING or OPENING and EXECUTING. Email clients must NOT execute attachments by default. Never. NEVER. No excuses, no exceptions. Attachments that are executable are dangerous and should be dealt with as such. This is what I meant with the umask: GNU uses a umask that makes everything 0644. Windows deals with attachments as 0777. Bonkers. 0644 (rw-r--r--) means that anyone can READ/VIEW/OPEN the file. NOBODY can execute it. That's the immediately obvious action for ALL attachments. > My Mutt email client on the other hand, is _dumb_. If I open an image, it > will happily fill my terminal with garbage. But because I added > "application/x-sh; xterm -e %s" to my mailcap, it will happily run > useful shell scripts which I have sent to myself for posterity. Yes, I > know it is an absurd argument but it makes my point that you cannot > label design features as "Lunacy" when they are doing exactly what they > are supposed to. > > --- > > Sorry for the rant. I have to work with windows XP and having features > taken away in the name of "security" is starting to make me a little > unhinged. Your features are not what you think. Reconsider OPEN vs EXECUTE. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgp8suYRiOQEI.pgp
Description: PGP signature