openjdk team mailing list archive

Thread
Date

[Bug 506702] Re: needs to block non-executable files from executing

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Scott Ritchie <scottritchie@xxxxxxxxxx>
Date: Wed, 13 Jan 2010 00:10:08 -0000
Reply-to: Bug 506702 <506702@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I have a near implementation of the executable-handler that we discussed
at UDS-Karmic.  Java, Wine, et all shouldn't be opening these without
execute bit "permission", however having executable-handler open them
would be an acceptable default as it doesn't actually run them.  Right
now the current design is to scan them for viruses and inform the user
what happened.

-- 
needs to block non-executable files from executing
https://bugs.launchpad.net/bugs/506702
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in “nautilus” package in Ubuntu: Confirmed
Status in “openjdk-6” package in Ubuntu: Confirmed
Status in “sun-java6” package in Ubuntu: Confirmed
Status in “wine” package in Ubuntu: Confirmed

Bug description:
Binary package hint: nautilus

Following the ratification of the "Execute-Permission Bit Required" security policy, several packages need to have their mime handlers updated to reject opening of various file types that are actually executables when they lack the execute bit.
https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission%20Bit%20Required

References

[Bug 506702] [NEW] needs to block non-executable files from executing
From: Kees Cook, 2010-01-13