Chris Robinson wrote: > On Tuesday 24 February 2009 6:07:08 pm Scott Ritchie wrote: >> When I brought this up at the Ubuntu Developer Summit a while back, the >> security conscious there wanted to check an executable for the execute >> bit before launching it with Wine. Then, the user would be prompted if >> they wanted to run it, and if yes the execute bit would be set and the >> program launched. > > Seems a bit too easy to me for this to be ineffective. It's been repeated > often around here how people, especially Windows users, are conditioned to > click "Yes" and not actually see or comprehend what they're clicking yes too > ("I thought it was going to open it in notepad, not run it!"). IMHO, it would > be better if they had to take the initiative to mark it +x, then run it > again. > That would prevent these kinds of surprises. >
It would also make it completely unusable. Remember, all downloaded executables (even intentionally downloaded ones) will be -x by default. Do you really expect users to go right click->properties->permissions->allow execution? Or will they just conclude that it doesn't work. Worse, you could actively irritate them - suppose they do double click and you DONT offer the ability to open it, but instead instruct them to go through that annoying procedure. >> This check would be skipped if you clicked a link on the start menu >> (since you obviously meant to launch a program then). > > Not necessarily. Along with the .desktop trojan, the blog I read also showed > how to override system menu entries (by placing a replacement in the local > folder which will override the system one). So the link you clicked on may > not > be what you intended.. > > But in order to do that a malicious script has to already be running! Such a system is already owned. Thanks, Scott Ritchie