
Re: [Ayatana] Executable file dialog box...



On Tuesday 21,September,2010 09:20 PM, Luke Benstead wrote:
> On 21 September 2010 13:54, Remco <remco47@xxxxxxxxx> wrote:
> 
>     On Tue, Sep 21, 2010 at 12:38, Luke Benstead <kazade@xxxxxxxxx> wrote:
>     > I'm wondering if we need this dialog at all, surely we can code in a little
>     > bit of logic here. How about:
>     >
>     > If the file is executable and:
>     >
>     > 1. If the file is binary and the extension not associated to a program,
>     > attempt to run it
>     > or
>     > 2. If the file is text and has the #! line at the top, try to run it. Add
>     > "Run as a Program" and "Run as a Terminal Program" to the right click menu
>     > or
>     > 3. If the file is text, open it in the default editor and add "Run as a
>     > Program" and "Run as a Terminal Program" to the right click menu
>     >
>     > That way double clicking a file will do what the user expects most of the
>     > time, and give the option of alternative behaviour if necessary.
>     >
>     > Thoughts?
> 
>     This may have security implications. What if the file is a malicious
>     bash script? GNOME attempts to help the user avoid running malicious
>     code. Double clicking a text file downloaded from the internet should
>     not be a gamble. You double click the file to study it, and suddenly
>     it deletes all your files.
> 
> 
> I did consider this, however, when you download a file from the Internet via
> Firefox the executable bit is turned off, you have to already consciously go and
> enable it otherwise double clicking the file just opens it in a text editor.

On the other hand, pendrives, the majority of which are formatted with a vfat file
system, are mounted in a way that results in all the files being executable by
default. I believe the same goes for NTFS file systems which are popular for
external hard disks.

> The current dialog doesn't seem to be about security (otherwise there would be a
> warning stating that) it seems to exist because Nautilus doesn't know what you
> want to do with the file.

Right, and it can't, because there's no way to tell whether the executable bit
was set intentionally or not.

> [...]

-- 
Kind regards,
Chow Loong Jin
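
The thread's point about vfat and NTFS mounts can be checked mechanically: on those volumes the executable bit comes from mount options, not from the file. The following Python code is an added example, not part of the original message or of Nautilus; the sample mount table, the function names and the filesystem list are assumptions made for illustration.

```python
import posixpath
import re

# Filesystems without POSIX mode bits: st_mode is synthesized from mount
# options (fmask/umask/showexec). Heuristic list, assumed for this example.
NO_POSIX_MODE = {"vfat", "msdos", "exfat", "ntfs", "ntfs3", "fuseblk"}

# Constructed sample in /proc/mounts format (not from a real system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev 0 0
/dev/sdb1 /media/user/PENDRIVE vfat rw,nosuid,nodev,uid=1000,fmask=0022 0 0
/dev/sdc1 /media/user/My\\040Disk fuseblk rw,nosuid,nodev,noexec,user_id=0 0 0
"""

def parse_mounts(text):
    """Return [(mount_point, fstype, options_set)] from /proc/mounts text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        # The kernel escapes space, tab, newline and backslash as \ooo octal.
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((point, fields[2], set(fields[3].split(","))))
    return mounts

def mount_for(path, mounts):
    """Longest-prefix match of an absolute path against the mount points."""
    path = posixpath.normpath(path) + "/"
    best = None
    for m in mounts:
        root = m[0].rstrip("/") + "/"
        if path.startswith(root) and (best is None or len(m[0]) > len(best[0])):
            best = m
    return best

def exec_bit_policy(path, mounts):
    """Classify how much the executable bit of `path` can tell a file manager."""
    m = mount_for(path, mounts)
    if m is None:
        return "unknown"
    _, fstype, opts = m
    if "noexec" in opts:
        return "noexec"      # direct execution is refused whatever the mode bits say
    if fstype in NO_POSIX_MODE:
        return "synthetic"   # bit comes from mount options, says nothing about intent
    return "stored"          # bit is per-file metadata that something actually set
```

A "stored" result still does not show that the user set the bit on purpose; it only rules out the case where the mount itself marks every file executable.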
