[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ayatana] Executable file dialog box...

To: Luke Benstead <kazade@xxxxxxxxx>
Subject: Re: [Ayatana] Executable file dialog box...
From: Chow Loong Jin <hyperair@xxxxxxxxxx>
Date: Wed, 22 Sep 2010 10:42:19 +0800
Cc: Ayatana List <ayatana@xxxxxxxxxxxxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :x-enigmail-version:content-type; bh=7QtymxPNbSbw8sYw3hJo1GrWNJoevY5aMvt3h+dZQPQ=; b=UDmDd4A+yObgO+asgdfCpqTZevK9RKR1GmVAXDoyGil5OsfDaSu2n63FN5uBohp7M7 MlYaclzwjE3uvbY8D5KSmgZOY8guwU3wngnJbrE2TEnEfraaJMQIHKlOTflF0sWQxHy0 Vs8NppNxoHJQqBxSpds8P80ROLM/RepPCbUDc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:x-enigmail-version:content-type; b=ZSerRrDU0XG/y1iI0l20I0v/UU560Brb/j8uUa21HWzG8shFu6FqKnE7MJ95UKUtXT PIy289RmLZOH6+3Jc+Md4xWaH223JLxqxjH7DaT0+L2TW4qdLc3B/jON9XI3O7/85YRM zjNTidpXr4sZFZ8q5RZkOnq2ozi7+5WkmCVc0=
In-reply-to: <AANLkTik0FeFNSTynJGGSsFx4P-Xke4848c+mDYjUnKgz@mail.gmail.com>
List-archive: <http://lists.launchpad.net/ayatana>
List-help: <https://help.launchpad.net/ListHelp>
List-id: <ayatana.lists.launchpad.net>
List-owner: <https://launchpad.net/~ayatana>
List-post: <mailto:ayatana@lists.launchpad.net>
List-subscribe: <https://launchpad.net/~ayatana>
List-unsubscribe: <https://launchpad.net/~ayatana>
References: <AANLkTimTeF+Yhv8FMWkcZY=ka_yKum6p5BbFYH=L6u-P@mail.gmail.com> <AANLkTimqkZXqw84qbjPZ5Y8qY3mrKj42TEBB8F_L=gA6@mail.gmail.com> <AANLkTik0FeFNSTynJGGSsFx4P-Xke4848c+mDYjUnKgz@mail.gmail.com>
Sender: Chow Loong Jin <hyperair@xxxxxxxxx>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.11pre) Gecko/20100918 Shredder/3.1.5pre

On Tuesday 21,September,2010 09:20 PM, Luke Benstead wrote:
> On 21 September 2010 13:54, Remco <remco47@xxxxxxxxx <mailto:remco47@xxxxxxxxx>>
> wrote:
> 
>     On Tue, Sep 21, 2010 at 12:38, Luke Benstead <kazade@xxxxxxxxx
>     <mailto:kazade@xxxxxxxxx>> wrote:
>     > I'm wondering if we need this dialog at all, surely we can code in a little
>     > bit of logic here. How about:
>     >
>     > If the file is executable and:
>     >
>     > 1. If the file is binary and the extension not associated to a program,
>     > attempt to run it
>     > or
>     > 2. If the file is text and has the #! line at the top, try to run it. Add
>     > "Run as a Program" and "Run as a Terminal Program" to the right click menu
>     > or
>     > 3. If the file is text, open it in the default editor and add "Run as a
>     > Program" and "Run as a Terminal Program" to the right click menu
>     >
>     > That way double clicking a file will do what the user expects most of the
>     > time, and give the option of alternative behaviour if necessary.
>     >
>     > Thoughts?
> 
>     This may have security implications. What if the file is a malicious
>     bash script? GNOME attempts to help the user avoid running malicious
>     code. Double clicking a text file downloaded from the internet should
>     not be a gamble. You double click the file to study it, and suddenly
>     it deletes all your files.
> 
> 
> I did consider this, however, when you download a file from the Internet via
> Firefox the executable bit is turned off, you have to already consciously go and
> enable it otherwise double clicking the file just opens it in a text editor.

On the other hand, pendrives, majority of which are formatted with a vfat file
system, are mounted in a way that results in all the files being executable by
default. I believe the same goes for NTFS file systems which are popular for
external hard disks.

> The current dialog doesn't seem to be about security (otherwise there would be a
> warning stating that) it seems to exist because Nautilus doesn't know what you
> want to do with the file.

Right, and it can't, because there's no way to tell whether the executable bit
was set intentionally or not.

> [...]

-- 
Kind regards,
Chow Loong Jin

Attachment: signature.asc
Description: OpenPGP digital signature

References:
- [Ayatana] Executable file dialog box...
  - From: Luke Benstead
- Re: [Ayatana] Executable file dialog box...
  - From: Remco
- Re: [Ayatana] Executable file dialog box...
  - From: Luke Benstead

Prev by Date: Re: [Ayatana] unity and notifications
Next by Date: [Ayatana] progress indication
Previous by thread: Re: [Ayatana] Executable file dialog box...
Next by thread: [Ayatana] progress indication
Index(es):
- Date
- Thread