Closed Bug 255351 Opened 20 years ago Closed 20 years ago

Windows XP SP2 introduces Zone Identifers for downloaded files, Mozilla should set these

Categories

(Core Graveyard :: File Handling, enhancement)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 236771

People

(Reporter: ju, Unassigned)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040614 Firefox/0.8

With Service Pack 2 Windows XP introduces a new feature called "Persistent Zone
Identifier". For every dowloaded file IE and Outlook Express
add an Additional Data Stream (ADS) called location.identifier (only works with
NTFS). It contains a line with something like "ZoneID=3". This information is
persistent and survives copying/renaming as long as you stay on NTFS.
ZoneIDs reflect the zones from IEs zone modell, i.e. local machine, internet
(3), untrusted (4), ...

When starting an executable in windows explorer that has a ZoneID=3, the user
receives a wanrning that this is not a trusted file.

You can inspect this Zone Identifier using:

notepad dowloaded.exe:zone.identifier

The interface for this Zone Identifiers is documented, see


   IAttachmentExecute Interface (MSDN)
http://msdn.microsoft.com/library/en-us/shellcc/platform/shell/reference/ifaces/iattachmentexecute/iattachmentexecute.asp

   Persistent Zone Identifier Object (MSDN)
http://msdn.microsoft.com/workshop/security/szone/reference/objects/PersistentZoneIdentifier.asp

   Attachment Execution Service API Integration
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2email.mspx
(see "Attachment Execution Service API Integration")



I think mozilla/firefox/thunderbird should include those features and set the
ZoneID of files according to the location a file is recieved from.

Note: http://bugzilla.mozilla.org/show_bug.cgi?id=236771 is quit similar to
this, but goes in the wrong direction (imho), so I entered a new report.
Feel free, to mark one of both as duplicate.


bye, ju

Reproducible: Always
Steps to Reproduce:
1. download an executable from the internet
   (or save a mail attachment) 
2. start it in windows explorer


Actual Results:  
Executable is started without warning

Expected Results:  
A warning about an untrusted file is presented to the user
Seconded. Files arriving on XP (and soon to be 2003 with SP1 in 2005) machines
from external sources should adhere to the same security guidelines as I.E. The
setting is disabled via the properties window for each file (and probably via an
API too).
-> File Handling
Assignee: download-manager → file-handling
Status: UNCONFIRMED → NEW
Component: Download Manager → File Handling
Ever confirmed: true
QA Contact: ian
I think NTFS support is very limited 
(In reply to comment #3)
> I think NTFS support is very limited 

sorry, forget this comment; this wasn't supposed to go into Bugzilla.
*** Bug 255939 has been marked as a duplicate of this bug. ***
Yes, mark this as a duplicate of #236771.

*** This bug has been marked as a duplicate of 236771 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.