openjdk team mailing list archive

Thread
Date

[Bug 506702] Re: needs to block non-executable files from executing

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <506702@xxxxxxxxxxxxxxxxxx>
Date: Fri, 22 Jan 2010 00:15:09 -0000
Reply-to: Bug 506702 <506702@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package wine1.2 - 1.1.36-0ubuntu2

---------------
wine1.2 (1.1.36-0ubuntu2) lucid; urgency=low

  * Port to Lucid
  * Port Kees' changes from wine package:
    * debian/{control,*.lpia}: removed lpia arch since it is not supported.
    * debian/rules: support "parallel=N" in DEB_BUILD_OPTIONS.
    * implement an execute bit checker for the Ubuntu Non-Exec Policy
    (LP: #506702):
      - debian/wine1.2.mime: update mime handlers to use new launcher.
        - fix a typo in kees patch that removed x-winexe mimetype.
      - debian/patches/nonexec-launcher.diff: use new launcher for desktop file.
    * debian/wine1.2.{postinst,preinst,postrm}: clean up old static sysctl
      files (LP: #352119).
    * debian/control, debian/wine1.2.{templates,config,postinst,postrm}: add
      debconf question for selecting a sensible mmap_min_addr system setting
      (LP: #475540).
  * debian/wine1.2.{postinst,postrm}:
    - use "start procps || true" instead of invoke-rc.d (LP: #447197)
  * debian/control: update text in wine, wine-dev, and wine-gecko to say that
    its for easing wine upgrades and not just for PPA users now.
 -- Scott Ritchie <scott@xxxxxxxxxxxxx>   Sat, 16 Jan 2010 17:12:15 -0800

** Changed in: wine1.2 (Ubuntu)
       Status: New => Fix Released

-- 
needs to block non-executable files from executing
https://bugs.launchpad.net/bugs/506702
You received this bug notification because you are a member of OpenJDK,
which is subscribed to openjdk-6 in ubuntu.

Status in “mime-support” package in Ubuntu: Fix Released
Status in “nautilus” package in Ubuntu: In Progress
Status in “openjdk-6” package in Ubuntu: Fix Released
Status in “sun-java6” package in Ubuntu: In Progress
Status in “wine” package in Ubuntu: Fix Released
Status in “wine1.2” package in Ubuntu: Fix Released

Bug description:
Binary package hint: nautilus

Following the ratification of the "Execute-Permission Bit Required" security policy, several packages need to have their mime handlers updated to reject opening of various file types that are actually executables when they lack the execute bit.
https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission%20Bit%20Required

References

[Bug 506702] [NEW] needs to block non-executable files from executing
From: Kees Cook, 2010-01-13