Closed
Bug 255351
Opened 20 years ago
Closed 20 years ago
Windows XP SP2 introduces Zone Identifers for downloaded files, Mozilla should set these
Categories
(Core Graveyard :: File Handling, enhancement)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 236771
People
(Reporter: ju, Unassigned)
References
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8
With Service Pack 2 Windows XP introduces a new feature called "Persistent Zone
Identifier". For every dowloaded file IE and Outlook Express
add an Additional Data Stream (ADS) called location.identifier (only works with
NTFS). It contains a line with something like "ZoneID=3". This information is
persistent and survives copying/renaming as long as you stay on NTFS.
ZoneIDs reflect the zones from IEs zone modell, i.e. local machine, internet
(3), untrusted (4), ...
When starting an executable in windows explorer that has a ZoneID=3, the user
receives a wanrning that this is not a trusted file.
You can inspect this Zone Identifier using:
notepad dowloaded.exe:zone.identifier
The interface for this Zone Identifiers is documented, see
IAttachmentExecute Interface (MSDN)
http://msdn.microsoft.com/library/en-us/shellcc/platform/shell/reference/ifaces/iattachmentexecute/iattachmentexecute.asp
Persistent Zone Identifier Object (MSDN)
http://msdn.microsoft.com/workshop/security/szone/reference/objects/PersistentZoneIdentifier.asp
Attachment Execution Service API Integration
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2email.mspx
(see "Attachment Execution Service API Integration")
I think mozilla/firefox/thunderbird should include those features and set the
ZoneID of files according to the location a file is recieved from.
Note: http://bugzilla.mozilla.org/show_bug.cgi?id=236771 is quit similar to
this, but goes in the wrong direction (imho), so I entered a new report.
Feel free, to mark one of both as duplicate.
bye, ju
Reproducible: Always
Steps to Reproduce:
1. download an executable from the internet
(or save a mail attachment)
2. start it in windows explorer
Actual Results:
Executable is started without warning
Expected Results:
A warning about an untrusted file is presented to the user
Comment 1•20 years ago
|
||
Seconded. Files arriving on XP (and soon to be 2003 with SP1 in 2005) machines
from external sources should adhere to the same security guidelines as I.E. The
setting is disabled via the properties window for each file (and probably via an
API too).
Comment 2•20 years ago
|
||
-> File Handling
Assignee: download-manager → file-handling
Status: UNCONFIRMED → NEW
Component: Download Manager → File Handling
Ever confirmed: true
QA Contact: ian
Comment 3•20 years ago
|
||
I think NTFS support is very limited
Comment 4•20 years ago
|
||
(In reply to comment #3)
> I think NTFS support is very limited
sorry, forget this comment; this wasn't supposed to go into Bugzilla.
Comment 5•20 years ago
|
||
*** Bug 255939 has been marked as a duplicate of this bug. ***
Comment 6•20 years ago
|
||
Yes, mark this as a duplicate of #236771.
Comment 7•20 years ago
|
||
*** This bug has been marked as a duplicate of 236771 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•