On 12/08/2009 08:57 PM, Uwe Stöhr wrote:
>> If you want to introduce such support for doc, rtf, etc, then you should do it the way we handle dia, xfig, and the like. We should check for a "real" viewer, such as OpenOffice, Word, or whatever, and if we don't find one then it just defaults to "auto".
>
> What is the advantage? I don't have Word on my machine so when I execute a doc file, again the default viewer will be opened. It is in this case Wordpad which is available on all Windows systems.

As I said in my note, your patch leads to problems on every platform except Windows. On Linux, for example, LyX tries to execute file.rtf, which leads to an error message. The use of "auto" does not lead to such problems, though it leads to absolutely nothing on any platform other than Windows. The correct solution is to detect the viewer and default to "auto".

> What's the difference? "%s" writes "auto", doesn't it? WMF and EMF are image formats like JPG and should be treated the same.

No. "%s" on my system writes "%s". If you look at configure.py, you will find that the jpeg lines are different from the ones you added.

> And no, we don't have a security hole. When I execute a file, no matter what type it is, the default program tries to open it.

The problem, as I understand it, is that, under certain circumstances, even a file with extension .jpg can be executed by Windows, not by the "default viewer". Ask your local spammer for details. Or read this: http://msdn.microsoft.com/en-us/magazine/cc164146.aspx.

The rest of the discussion has similar issues, which I will not detail. But you should know that running without admin privileges is not proof against infection. (This has been discussed ad nauseam on Linux security lists lately.) A user can get infected (though not the whole system) even if she doesn't have admin permissions. More importantly, the question whether a file is executable is not the same as the question what its extension is. That's the whole point. Windows can see the extension .wmf and still treat the file as executable. This is one of the big security holes on Windows: It doesn't really have any conception of an executable file.

Anyway, moving to an "auto"-based system is necessary, if only to fix the bugs introduced on Linux. What I don't know is whether the auto-based system already introduces vulnerabilities, due to the potential call to rundll.

rh
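
Added example, not part of the original message and not LyX's configure.py: Python code for the two points argued above, judging a file by its leading bytes rather than its extension, and detecting a viewer with a fallback to "auto". The magic-byte table, the candidate viewer names (`soffice`, `abiword`), the function names and the refuse-on-mismatch policy are assumptions made for illustration.

```python
import os
import shutil

# Leading bytes of formats an OS loader or interpreter may run, whatever the name says.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")

# Leading bytes expected for some extensions named in the thread (table is constructed).
EXPECTED_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".rtf": (b"{\\rtf",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".wmf": (b"\xd7\xcd\xc6\x9a", b"\x01\x00\x09\x00", b"\x02\x00\x09\x00"),
}


def classify(name, head):
    """Judge a file by its first bytes: 'executable', 'mismatch', 'ok' or 'unknown'."""
    if head.startswith(EXECUTABLE_MAGIC):
        return "executable"
    expected = EXPECTED_MAGIC.get(os.path.splitext(name)[1].lower())
    if expected is None:
        return "unknown"
    return "ok" if head.startswith(expected) else "mismatch"


def choose_viewer(candidates, which=shutil.which):
    """Return the first candidate found on PATH, else "auto" (OS default handler)."""
    for prog in candidates:
        if which(prog):
            return prog
    return "auto"


def open_decision(name, head, candidates, which=shutil.which):
    """Refuse anything whose content is not what its extension claims (hypothetical policy)."""
    verdict = classify(name, head)
    if verdict != "ok":
        return ("refuse", verdict)
    return ("open", choose_viewer(candidates, which))


if __name__ == "__main__":
    # Constructed samples: a PE header behind a .jpg name, and a real JPEG header.
    for name, head in [("photo.jpg", b"MZ\x90\x00"), ("photo.jpg", b"\xff\xd8\xff\xe0")]:
        print(name, open_decision(name, head, ["soffice", "abiword"]))
```

A matching header only shows that the file starts like the format its name claims; it says nothing about whether the viewer that then parses it is safe.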
