bastian at kde.org
Wed Mar 15 09:14:49 EET 2006
This isn't about executable bits but about not executing binary program files.
I will adjust the wording to make this more clear.
On Tuesday 14 March 2006 11:22, Peter wrote:
> I have a concern about autoopen in the autostart-spec. I'll start with
> a quote:
> The relative path MUST NOT point to an executable file. ... If the
> relative path points to an executable file then the desktop environment
> MUST NOT execute the file.
> I don't know exactly how Windows-free you guys are, but consider if
> someone wants a cross-platform medium of some kind. They would
> certainly want Windows to read it, and Windows formats often don't have
> executable bits. These mediums get mounted with EVERY file marked
> executable, at least on every Unix (which pretty much means Linux ;)
> I've tried it with. Seeing as though this part of the spec is most
> foreseeably useful for cdroms, I'll point you to something I did a quick
> Google for:
> So far this is sapping the spec of its usefulness. I did a search in
> the archives, and someone else seemed to mention that directories are
> also valid candidates for autoopen. I agree.
> I understand that this is a matter of security; however, I would suggest
> that the execute bit be explicitly ignored. Hopefully this wouldn't
> result in kludgey vfs work-arounds. On that note, I'll again quote the
> When an Autoopen file has been detected and the user has confirmed that
> the file indicated in the Autoopen file should be opened then the file
> indicated in the Autoopen file MUST be opened in the application
> normally preferred by the user for files of its kind UNLESS the user
> instructed otherwise.
> This implies that the user "MUST" be prompted (shouldn't this be
> explicit to avoid mis-interpretations?) and be given the same
> responsibility one requires when opening any media, visiting any
> website, or otherwise using one's computer. This seems simple enough to
> me. Removing the execute bit and prompting the user will give the same
> level of security that would otherwise be given without the execute bit
> in the first place.
> Hopefully I haven't wasted your time with something that has been
> addressed. _______________________________________________
> xdg mailing list
> xdg at lists.freedesktop.org
Linux Client Architect - Channel Platform Solutions Group - Intel Corporation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20060314/9b98032e/attachment.pgp
More information about the xdg