[Bug 506702] Re: needs to block non-executable files from executing
Should this apply to interpreted script files too? Such as Python, Ruby, and Perl scripts? -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in Ubuntu. https://bugs.launchpad.net/bugs/506702 Title: needs to block non-executable files from executing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mime-support/+bug/506702/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
I think that this fix has just caused a bug on sun java6: https://bugs.launchpad.net/bugs/568707 -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
er.. sorry, not entirely related :) -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Branch linked: lp:~voronov84/+junk/sun-java6 -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
Fixed sun-java6 in lucid ** Changed in: sun-java6 (Ubuntu) Status: Fix Committed = Fix Released -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Changed in: nautilus (Ubuntu) Status: In Progress = Fix Released -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Changed in: sun-java6 (Ubuntu) Status: In Progress = Fix Committed -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Changed in: wine1.2 (Ubuntu) Importance: Undecided = High ** Changed in: wine1.2 (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
This bug was fixed in the package wine1.2 - 1.1.36-0ubuntu2 --- wine1.2 (1.1.36-0ubuntu2) lucid; urgency=low * Port to Lucid * Port Kees' changes from wine package: * debian/{control,*.lpia}: removed lpia arch since it is not supported. * debian/rules: support parallel=N in DEB_BUILD_OPTIONS. * implement an execute bit checker for the Ubuntu Non-Exec Policy (LP: #506702): - debian/wine1.2.mime: update mime handlers to use new launcher. - fix a typo in kees patch that removed x-winexe mimetype. - debian/patches/nonexec-launcher.diff: use new launcher for desktop file. * debian/wine1.2.{postinst,preinst,postrm}: clean up old static sysctl files (LP: #352119). * debian/control, debian/wine1.2.{templates,config,postinst,postrm}: add debconf question for selecting a sensible mmap_min_addr system setting (LP: #475540). * debian/wine1.2.{postinst,postrm}: - use start procps || true instead of invoke-rc.d (LP: #447197) * debian/control: update text in wine, wine-dev, and wine-gecko to say that its for easing wine upgrades and not just for PPA users now. -- Scott Ritchie sc...@open-vote.org Sat, 16 Jan 2010 17:12:15 -0800 ** Changed in: wine1.2 (Ubuntu) Status: New = Fix Released -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Branch linked: lp:ubuntu/wine1.2 -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Attachment added: sun-java6_6-16-1ubuntu1.debdiff http://launchpadlibrarian.net/38089345/sun-java6_6-16-1ubuntu1.debdiff -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
Re: [Openjdk] [Bug 506702] Re: needs to block non-executable files from executing
On 19.01.2010 16:46, Kees Cook wrote: ** Attachment added: sun-java6_6-16-1ubuntu1.debdiff http://launchpadlibrarian.net/38089345/sun-java6_6-16-1ubuntu1.debdiff having the patch in this form is a major pain for uploads to older releases. please conditionalize this not to apply for anything else than lucid and newer. -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Also affects: wine1.2 (Ubuntu) Importance: Undecided Status: New -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
Malicious software in Windows has been known to try getting past simple file type checks by spreading a zip file containing the actual executable. In our case, a user could get a tarball containing an executable with the +x bit set from a malicious user. Perhaps make file-roller ask the user before unpacking archives that have the executable bit set. -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
This bug was fixed in the package mime-support - 3.48-1ubuntu1 --- mime-support (3.48-1ubuntu1) lucid; urgency=low * Add cautious-launcher for handling execution of files that are outside /usr and /opt (LP: #506702). -- Kees Cook k...@ubuntu.com Wed, 13 Jan 2010 22:31:40 -0800 ** Changed in: mime-support (Ubuntu) Status: In Progress = Fix Released -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
This bug was fixed in the package wine - 1.0.1-0ubuntu10 --- wine (1.0.1-0ubuntu10) lucid; urgency=low * debian/{control,*.lpia}: removed lpia arch since it is not supported. * implement an execute bit checker for the Ubuntu Non-Exec Policy (LP: #506702): - debian/wine.mime: update mime handlers to use new launcher. - debian/patches/nonexec-launcher.diff: use new launcher for desktop file. -- Kees Cook k...@ubuntu.com Tue, 12 Jan 2010 11:41:38 -0800 ** Changed in: wine (Ubuntu) Status: In Progress = Fix Released -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
This bug was fixed in the package openjdk-6 - 6b17-0ubuntu2 --- openjdk-6 (6b17-0ubuntu2) lucid; urgency=low * implement an execute bit checker for the Ubuntu Non-Exec Policy (LP: #506702): - debian/JB-java.desktop.in: update mime handler to use new launcher. -- Kees Cook k...@ubuntu.com Fri, 15 Jan 2010 17:01:46 -0800 ** Branch linked: lp:ubuntu/mime-support ** Changed in: openjdk-6 (Ubuntu) Status: In Progress = Fix Released -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Changed in: mime-support (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: nautilus (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: openjdk-6 (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: sun-java6 (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) ** Changed in: wine (Ubuntu) Assignee: (unassigned) = Kees Cook (kees) -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Also affects: mime-support (Ubuntu) Importance: Undecided Status: New -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
** Changed in: nautilus (Ubuntu) Status: Confirmed = In Progress ** Changed in: sun-java6 (Ubuntu) Status: Confirmed = In Progress ** Changed in: openjdk-6 (Ubuntu) Status: Confirmed = In Progress ** Changed in: wine (Ubuntu) Status: Confirmed = In Progress ** Changed in: mime-support (Ubuntu) Status: New = In Progress ** Changed in: mime-support (Ubuntu) Importance: Undecided = High -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
The major thing to look for is .desktop files that trigger off of MimeTypes, yet actually run the target file. For example /usr/share/applications/openjdk-6-java.desktop: ... Exec=/usr/lib/jvm/java-6-openjdk/bin/java -jar ... MimeType=application/x-java-archive;application/java-archive;application/x-jar; This leads to executing the JAR file, even when it lacks the execute bit. ** Changed in: nautilus (Ubuntu) Status: New = Confirmed ** Changed in: wine (Ubuntu) Status: New = Confirmed ** Changed in: sun-java6 (Ubuntu) Importance: Undecided = High ** Changed in: openjdk-6 (Ubuntu) Status: New = Confirmed ** Changed in: openjdk-6 (Ubuntu) Importance: Undecided = High ** Changed in: nautilus (Ubuntu) Importance: Undecided = High ** Changed in: wine (Ubuntu) Importance: Undecided = High ** Changed in: sun-java6 (Ubuntu) Status: New = Confirmed -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
I have a near implementation of the executable-handler that we discussed at UDS-Karmic. Java, Wine, et all shouldn't be opening these without execute bit permission, however having executable-handler open them would be an acceptable default as it doesn't actually run them. Right now the current design is to scan them for viruses and inform the user what happened. -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
[Bug 506702] Re: needs to block non-executable files from executing
My first-pass at Wine is here: http://people.canonical.com/~kees/wine_1.0.1-0ubuntu10.debdiff I intend to move wine-desktop-launcher into a generic script that will live in mime-support so that the other packages can call it too. -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to nautilus in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs