
Re: [Ayatana] Executable file dialog box...





On 21 September 2010 13:54, Remco <remco47@xxxxxxxxx> wrote:
> On Tue, Sep 21, 2010 at 12:38, Luke Benstead <kazade@xxxxxxxxx> wrote:
>> I'm wondering if we need this dialog at all, surely we can code in a little
>> bit of logic here. How about:
>>
>> If the file is executable and:
>>
>> 1. If the file is binary and the extension not associated to a program,
>> attempt to run it
>> or
>> 2. If the file is text and has the #! line at the top, try to run it. Add
>> "Run as a Program" and "Run as a Terminal Program" to the right click menu
>> or
>> 3. If the file is text, open it in the default editor and add "Run as a
>> Program" and "Run as a Terminal Program" to the right click menu
>>
>> That way double clicking a file will do what the user expects most of the
>> time, and give the option of alternative behaviour if necessary.
>>
>> Thoughts?
>
> This may have security implications. What if the file is a malicious
> bash script? GNOME attempts to help the user avoid running malicious
> code. Double clicking a text file downloaded from the internet should
> not be a gamble. You double click the file to study it, and suddenly
> it deletes all your files.

I did consider this; however, when you download a file from the Internet via Firefox the executable bit is turned off. You have to already consciously go and enable it, otherwise double clicking the file just opens it in a text editor.

The current dialog doesn't seem to be about security (otherwise there would be a warning stating that); it seems to exist because Nautilus doesn't know what you want to do with the file.


> Maybe also add a clamav scan. Since many people have Wine installed,
> it is even more important to scan untrusted executable files for
> viruses.


Wine applications already have to have the executable bit set to run; if you try to run it without it you will see a dialog informing you.

Just to clarify, my suggestion is only for files already marked as executable; obviously adding "Run as a Program" to non-executable files is a massive security issue.

Luke.
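
The double-click rules proposed in this thread, written out as an added example (not code from Nautilus or from either poster). The `ASSOCIATED_EXTENSIONS` set, the NUL-byte text heuristic, the action names and the sample files are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Hypothetical stand-in for the desktop's file-association database.
ASSOCIATED_EXTENSIONS = {".jar", ".exe", ".py"}

def is_text(head: bytes) -> bool:
    """Heuristic (assumption): a sampled prefix without NUL bytes is text."""
    return b"\0" not in head

def double_click_action(path: str) -> str:
    """Return 'open', 'run', 'run+menu' or 'edit+menu' for a double click."""
    st = os.stat(path)
    # The proposal only covers regular files that already have an
    # executable bit set; anything else goes to its default handler.
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
        return "open"
    with open(path, "rb") as fh:
        head = fh.read(4096)
    ext = os.path.splitext(path)[1].lower()
    if not is_text(head):
        # Rule 1: binary and extension not associated with a program -> run.
        # An associated extension falling back to 'open' is an assumption.
        return "run" if ext not in ASSOCIATED_EXTENSIONS else "open"
    if head.startswith(b"#!"):
        return "run+menu"   # Rule 2: text with a #! line, run it
    return "edit+menu"      # Rule 3: other text opens in the editor

def demo() -> dict:
    """Classify four constructed sample files in a temporary directory."""
    samples = {  # name: (content, mode), all constructed for this example
        "tool": (b"\x7fELF\x02\x01\x01\0" + b"\0" * 8, 0o755),
        "script.sh": (b"#!/bin/sh\necho hello\n", 0o755),
        "notes.txt": (b"just some notes\n", 0o755),
        "download.sh": (b"#!/bin/sh\necho hello\n", 0o644),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = double_click_action(path)
    return results

if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
```

`download.sh` has the same content as `script.sh` but no executable bit, so it is only ever opened, which is the case the thread's security discussion turns on.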