Subject: Re: [office] auto-play presentation file format like PPS

On Fri, Apr 25, 2008 at 12:09 PM, Jomar Silva
<jomar.silva@br.odfalliance.org> wrote:
>  I've understood the desired behavior; I'm asking about "the place" used to
> store the information (I think that "any MIME type" is too
> comprehensive).

So you are questioning the mime type representation. It will be
represented as a mime type option. My representation may be wrong, but
it should be something like the following:


Short of a buffer overflow or DOS in mimetype reading code, I am not
sure I see a security issue.

>  This attribute is meant to only take certain values. I don't see any
> security implication in this schema considering that it doesn't allow
> execution of arbitrary code.
>  Let me change the term used: "it may be used to run malicious MIME type
> referenced content (as scripts)".

I am not sure I see how it could be used to execute a script. Can you
explain why you think that could happen? If we don't put a maximum
length, you might be able to DOS a reader by sending a file with a
super long mimetype. However, I still don't see a possible execution
of arbitrary code.
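
The two reader-side properties discussed in this message (a maximum length, so an oversized MIME type cannot exhaust the reader, and a value restricted to known types, so the field cannot name script content), as an added example that is not part of the original message or of any ODF implementation. The stream-based reader, the allowlist contents and the function names are assumptions; the 127-character limits are the ones RFC 4288 sets for type and subtype names.

```python
import io
import re

# RFC 4288 reg-name: 1 to 127 characters from a restricted set,
# applied separately to the type and to the subtype.
_REG_NAME = r"[A-Za-z0-9!#$&.+^_-]{1,127}"
_MIME_RE = re.compile(_REG_NAME + "/" + _REG_NAME)
MAX_MIME_LEN = 127 + 1 + 127  # type, "/", subtype

# Assumption: the reader accepts only the types it knows how to open.
ALLOWED = frozenset({"application/vnd.oasis.opendocument.presentation"})


class MimeTypeError(ValueError):
    """Raised when a MIME type value from a document is rejected."""


def read_mime_value(stream, limit=MAX_MIME_LEN):
    """Read a MIME type from a binary stream, buffering at most limit+1 bytes."""
    raw = stream.read(limit + 1)  # one extra byte is enough to detect oversize
    if len(raw) > limit:
        raise MimeTypeError("MIME type longer than %d bytes" % limit)
    try:
        return raw.decode("ascii")
    except UnicodeDecodeError:
        raise MimeTypeError("MIME type is not ASCII") from None


def validate_mime(text, allowed=ALLOWED):
    """Return the lower-cased MIME type, or raise MimeTypeError."""
    if len(text) > MAX_MIME_LEN:
        raise MimeTypeError("MIME type too long")
    if not _MIME_RE.fullmatch(text):  # rejects parameters, spaces, control chars
        raise MimeTypeError("not a type/subtype pair")
    canonical = text.lower()  # type and subtype names are case-insensitive
    if canonical not in allowed:
        raise MimeTypeError("MIME type not accepted: " + canonical)
    return canonical


if __name__ == "__main__":
    # Constructed sample inputs: one valid value, one oversized, one script type.
    samples = [b"application/vnd.oasis.opendocument.presentation",
               b"a/" + b"b" * 1_000_000,
               b"application/x-shellscript"]
    for sample in samples:
        try:
            print("accepted:", validate_mime(read_mime_value(io.BytesIO(sample))))
        except MimeTypeError as err:
            print("rejected:", err)
```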


