[Esd-l] problems with version 1.136 (Mangle MIME type to TEXT/PLAIN, multipart/related inline images)

John D. Hardin jhardin at impsec.org
Sat Nov 2 13:52:01 PST 2002 

On Sat, 2 Nov 2002, Peter van Campen wrote:

> since we upgraded to version 1.136, users started complaining that
> some attachments couldn't be viewed anymore. Apparently the reason
> behind that was mentioned in the change log as:
> 	Mangle MIME type to TEXT/PLAIN instead of
> 	APPLICATION/OCTET-STREAM to (hopefully) prevent magic scanning
> 	and execution.
> Some MS-Word attachments that had been saved, couldn't be opened anymore by
> StarOffice or MS-Word

I guess the mailer is being smart and not saving the attachment
verbatim.

> Therefore we changed the 'text\/plain' in the html-trap.procmail back to
> 'application\/octet-stream'.

Can anybody suggest a MIME type to use here? application/octet-stream
runs the risk of triggering OS magic filetype determination and may
not effectively prevent execution. text/plain apparently will cause
some mailers to do textish things to the file (EOL conversions,
maybe? Line wrap?)

> If the inline image is defanged, producing <DEFANGED_IMG
> src="cid...>, the user doesn't see the reference or the
> attachment. For a reference to an attached part, it perhaps
> wouldn't be necessary to defang it?

Well, I'm leery of making the filter too smart. The smarter it is, the
more likely there will be a way to bypass it.

Also, needing to look to the arguments of a tag pulls in all kinds of
parsing overhead, like skipping intermediate options, multiline
matches, etc. This increases complexity, adds to the overhead and
gives me more opportunity to introduce a bug.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
-----------------------------------------------------------------------
   46 days until The Two Towers

More information about the esd-l mailing list