|
|
How it works
I won't comment on the security, or lack of it, of the RTFD format, but I can explain how it works. An RTFD "file" isn't a file at all. It's really a NeXT bundle, like a Mac OS X application, font or nib file. It appears as a directory in terminal sessions, and you can get the Finder to display its contents. All the images, PDFs, movies, sounds, applications and other non-text content is stored in this directory, along with an RTF file containing the textual content and links to the embedded content. This is an easy way to create a composite document without resource forks or MIME encoding. I, personally, think RTFD is great. OmniWeb can save web pages as RTFD, complete with images and full formatting information. Soon other applications will be able to export to this format as well. Sure, the only operating systems that recognise it are Mac OS X and OpenStep, but this can only improve.
Security ramifications of emailed pkgs - was: How it works
If it is a MacOS X bundle (i.e., a directory), that saves you from a simple e-mail virus that you merely have to receive (like those nasty VBScript Outlook ones): if you get it in email, it will be tarred and encoded - it is static data.
However, it does provide the possibility that opening an attachment can spawn a virus. This, however, is widely the situation on the net and has been for years - open arbitrary things, and you don't know what you'll get. To be responsible, the Mail client ought to somehow tag the attachment as "untrusted", but how you do that in a general way when the attachment is simply a tar file is something I'm unsure about. For example, you might tag the file somehow, but the user might still simply use the standard gnutar to unwrap it. I suppose if the user's doing that, then they're knowledgeable enough not to shoot their own foot, but ya never know..... You could at least hack Mail to check for the filename of the attachment. If it is .app or .rtfd, warn the user about executable code (or does Mail do this already?). For that matter, if an attachment's type is tar, then do a tar -t on it and warn of any files inside it that look like they might have executable code.
|
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.09 seconds |
|