Le mercredi 14 février 2007 à 09:15 +0100, Loïc Minier a écrit :
> Hi,
>
> I see you went for a whitelist for .desktop files hanlding in nautilus
> for #408948; I think it lessens the impact of the lack of the MIME type
> mismatch checks in gnome-vfs2 and is less intrusive, and will permit
> downgrading 408948.
I think it's the best fix we can provide for this case, as it will
simply treat desktop files with wrong extensions like text files.
> However, I think .volume needs to be added
Indeed, will do. Anyway I need to make the test more complex to fix
#408556 and to cache the result, as this function is called quite often.
> , and perhaps other
> extensions as well.
According to the fd.o database, there is .kdelnk, but I wonder whether
it's worth the deal.
> There's also "smblink-root", but I suppose some larger whitelist can be
> implemented for network://:
> bee% gnomevfs-ls network://
> smblink-root (Regular, application/x-desktop) size 0 mode
> 0444
>
> Did you already check smb:// shares?
I think we must add .desktop extensions for the virtual desktop files
created by gnome-vfs in network:/// and smb:///. This should be easily
be done in gnome-vfs and transparent for the user.
As for fixing #408556, I suggest the following course of action:
* for computer:// and applications://, allow all .desktop files;
* for network://, dns-sd:// and smb://, use clever filters;
* for file://, only allow files belonging to the user or to root;
* for all other cases, treat them as text.
A more elegant way to fix network:// and the like is probably to give
autogenerated files another MIME type, like
application/x-desktop-virtual. This would allow to easily distinguish
them from any user-created files, as there is no way the fd.o database
would return this MIME type when queried.
All these changes require a shlibs bump for gnome-vfs and the last one
requires a conflict against nautilus versions not understanding this
MIME type.
Thoughts anyone?
--
.''`.
: :' : We are debian.org. Lower your prices, surrender your code.
`. `' We will add your hardware and software distinctiveness to
`- our own. Resistance is futile.
