OASIS Mailing List Archives

Subject: Re: [office] auto-play presentation file format like PPS


On Fri, Apr 25, 2008 at 12:09 PM, Jomar Silva
<jomar.silva@br.odfalliance.org> wrote:
>  I've understood the desired behavior; I'm asking about "the place" used to
> store the information (I think that "any MIME type" is too
> comprehensive).

So you are questioning the mime type representation. It will be
represented as a mime type option. My representation may be wrong, but
it should be something like the following:

application/vnd.oasis.opendocument.presentation;preferred-view-mode="presentation-auto-start"

Short of a buffer overflow or DOS in mimetype reading code, I am not
sure I see a security issue.

>  This attribute is meant to only take certain values. I don't see any
> security implication in this schema considering that it doesn't allow
> execution of arbitrary code.
>
>  Let me change the term used: "it may be used to run malicious MIME type
> referenced content (as scripts)".

I am not sure I see how it could be used to execute a script. Can you
explain why you think that could happen? If we don't put a maximum
length, you might be able to DOS a reader by sending a file with a
super long mimetype. However, I still don't see a possible execution
of arbitrary code.

wt
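
An added example, not part of the original message or of any ODF implementation: a reader for the proposed mimetype string that caps input length (the DoS concern raised above) and accepts the parameter only with allow-listed values. The 256-byte cap, the allow-lists and the names `parse_mimetype` and `MimetypeError` are assumptions made for illustration.

```python
import io
import re

# Assumed limit and allow-lists (not taken from the thread or an ODF spec).
MAX_MIMETYPE_BYTES = 256
ALLOWED_TYPES = {"application/vnd.oasis.opendocument.presentation"}
ALLOWED_PARAMS = {"preferred-view-mode": {"presentation-auto-start"}}

_TOKEN = r"[A-Za-z0-9!#$&^_.+-]+"
# name=token or name="quoted"; quoted values may not hold quotes, backslashes, CR/LF.
_PARAM_RE = re.compile(rf'({_TOKEN})=(?:"([^"\\\r\n]*)"|({_TOKEN}))\Z')


class MimetypeError(ValueError):
    """Raised for any mimetype string the reader refuses to act on."""


def parse_mimetype(stream, limit=MAX_MIMETYPE_BYTES):
    """Return (media_type, params) from a byte stream, or raise MimetypeError."""
    # Read one byte past the cap so oversized input is detected, never buffered.
    raw = stream.read(limit + 1)
    if len(raw) > limit:
        raise MimetypeError("mimetype longer than %d bytes" % limit)
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise MimetypeError("non-ASCII byte in mimetype") from None
    # Splitting on ';' makes a quoted value containing ';' fail closed below.
    media_type, *parts = [p.strip() for p in text.split(";")]
    media_type = media_type.lower()
    if media_type not in ALLOWED_TYPES:
        raise MimetypeError("unsupported media type")
    params = {}
    for part in parts:
        m = _PARAM_RE.match(part)
        if not m:
            raise MimetypeError("malformed parameter")
        name = m.group(1).lower()
        value = m.group(2) if m.group(2) is not None else m.group(3)
        # Reject duplicates, unknown names, and values outside the allow-list.
        if name in params or value not in ALLOWED_PARAMS.get(name, ()):
            raise MimetypeError("parameter %r not allowed" % name)
        params[name] = value
    return media_type, params

if __name__ == "__main__":
    # Constructed sample: the representation suggested in the message.
    sample = b'application/vnd.oasis.opendocument.presentation;preferred-view-mode="presentation-auto-start"'
    print(parse_mimetype(io.BytesIO(sample)))
```

The parsed value is only ever compared against a fixed set and is never passed to anything that resolves or executes it.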

