unity-design team mailing list archive
-
unity-design team
-
Mailing list archive
-
Message #03736
Re: Executable file dialog box...
On Tuesday 21,September,2010 09:20 PM, Luke Benstead wrote:
> On 21 September 2010 13:54, Remco <remco47@xxxxxxxxx <mailto:remco47@xxxxxxxxx>>
> wrote:
>
> On Tue, Sep 21, 2010 at 12:38, Luke Benstead <kazade@xxxxxxxxx
> <mailto:kazade@xxxxxxxxx>> wrote:
> > I'm wondering if we need this dialog at all, surely we can code in a little
> > bit of logic here. How about:
> >
> > If the file is executable and:
> >
> > 1. If the file is binary and the extension not associated to a program,
> > attempt to run it
> > or
> > 2. If the file is text and has the #! line at the top, try to run it. Add
> > "Run as a Program" and "Run as a Terminal Program" to the right click menu
> > or
> > 3. If the file is text, open it in the default editor and add "Run as a
> > Program" and "Run as a Terminal Program" to the right click menu
> >
> > That way double clicking a file will do what the user expects most of the
> > time, and give the option of alternative behaviour if necessary.
> >
> > Thoughts?
>
> This may have security implications. What if the file is a malicious
> bash script? GNOME attempts to help the user avoid running malicious
> code. Double clicking a text file downloaded from the internet should
> not be a gamble. You double click the file to study it, and suddenly
> it deletes all your files.
>
>
> I did consider this, however, when you download a file from the Internet via
> Firefox the executable bit is turned off, you have to already consciously go and
> enable it otherwise double clicking the file just opens it in a text editor.
On the other hand, pendrives, majority of which are formatted with a vfat file
system, are mounted in a way that results in all the files being executable by
default. I believe the same goes for NTFS file systems which are popular for
external hard disks.
> The current dialog doesn't seem to be about security (otherwise there would be a
> warning stating that) it seems to exist because Nautilus doesn't know what you
> want to do with the file.
Right, and it can't, because there's no way to tell whether the executable bit
was set intentionally or not.
> [...]
--
Kind regards,
Chow Loong Jin
Attachment:
signature.asc
Description: OpenPGP digital signature
References