[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [office] auto-play presentation file format like PPS
On Fri, Apr 25, 2008 at 12:09 PM, Jomar Silva <jomar.silva@br.odfalliance.org> wrote: > I've understand the desired behavior, I'm asking about "the place" used to > store the information (I think that "any MIME type" is too much > comprehensive). So you are questioning the mime type representation. It will be represented as a mime type option. My representation may be wrong, but it should be something like the following: application/vnd.oasis.opendocument.presentation;preferred-view-mode="presentation-auto-start" Short of a buffer overflow or DOS in mimetype reading code, I am not sure I see a security issue. > This attribute is meant to only take certain values. I don't see any > security implication in this schema considering that it doesn't allow > execution of arbitrary code. > > Let me change the term used: "it may be used to run malicious MIME type > referenced content (as scripts)". I am not sure I see how it could be used to execute a script. Can you explain why you think that could happen? If we don't put a maximum length, you might be able to DOS a reader by sending a file with a super long mimetype. However, I still don't see a possible execution of arbitrary code. wt
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]