[linux-elitists] Freeing document _formats_

kmself@ix.netcom.com kmself@ix.netcom.com
Tue Jul 11 12:32:47 PDT 2000


On Mon, Jul 10, 2000 at 03:26:31PM -0500, Jeremy M. Dolan wrote:
> On Mon, 10 Jul 2000 18:06:20 +0000, Don Marti wrote:
> > 3-letter "extensions" are highly silly. What's a .tex? What's a .tfm?
> > What's a .tga? (That's just a couple from the Ts) Macintosh four-letter
> > file types and creators might work as an index if they're unique.
> > file(1) magic names might be good too.
> 
> file(1) is comparitivly expensive, and possibly inconsclusive. A hack
> job at best. 

Well, ultimately it's a halting problem -- you don't know a file is a
valid document of type foo until you load it into a foo-compliant
document validator.  Yes, there is an overhead to file, however, it buys
you much more robustness than file extensions.  The hack works pretty
well.  Caching results can speed performance, though a standard
mechanism for doing this should probably be provided.  This gets toward
the Mac filesystem standard.

> In reality, file name extentions *work*, elite or not. 

They don't.  Several Windows exploits have used file extensions,
including the .SCP (scrap) file extension, and the fact that the default
"open" association of an .RTF file is MS Word, though Word will treat an
.RTF file which is actually an MS Word file as MS Word, rendering it and
launching any embedded macros.  This has been used to bypass email
filtering (antiviral/trojan) tools.

There are several problems with file extensions, some mentioned -- the
namespace is far too small, and collisions are far too common, not to
mention that the suffixes are becoming far too nonintuitive.  It's also
possible to shitcan a file by modifying its extension (and a number of
apps/interfaces do this regularly).

Until applications reliably treat file extensions as ironclad rules for
interpreting files, the system is broken.  Extensions are advisory at
best.

-- 
Karsten M. Self <kmself@ix.netcom.com>     http://www.netcom.com/~kmself
 Evangelist, Opensales, Inc.                    http://www.opensales.org
  What part of "Gestalt" don't you understand?   Debian GNU/Linux rocks!
   http://gestalt-system.sourceforge.net/    K5: http://www.kuro5hin.org
GPG fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20000711/9c42fefc/attachment.pgp 


More information about the linux-elitists mailing list