Re: [Nautilus-list] Idea for Nautilus and GMC.

From: Zak McGregor <zak mighty co za>
To: Miguel de Icaza <miguel ximian com>
Cc: nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
Subject: Re: [Nautilus-list] Idea for Nautilus and GMC.
Date: Wed, 23 May 2001 03:15:06 +0200

On 22 May 2001 20:23:38 -0400
Miguel de Icaza <miguel ximian com> wrote:

Ideally, we want to avoid this problem in GNOME, and we just want
executables to just work.  As they do in Windows.


This is a tough one. Perhaps one should qualify this and leave it as-is
(ie, not such fanciness) for root and root-equivalent users to do this
but allow "normal" users to right-click on the file and select something
like "allow me to execute/run this file" and "execute/run this file".

So I would like to suggest that we set this bit manually if the user
double clicks on a file that happens to have an a.out or ELF
signature.  Maybe we could popup a warning or something, but the
result should be that files downloaded in this way would just work.


Yes I agree that dropping to a shell and typing in a chmod command is
sub-optimal. And a warning (if the file did not have the x bit set, and
you are about to change it for him/her) would be great too. The part
that worries me here is simply double-clicking an a.out or ELF file and
trying to set the executable bit is perhaps making it too simple. What
are the potential user risks that could evolve from this methodology? Of
course, even if the user has to drop a shell and type "chmod +x" a
malicious binary would obviously still have exactly the same effect.
However, the double-click idiom may ingrain some bad user habits over
and above the simple effect of any rogue binary they happen to run in
ignorance or error, hence my suggestion to make the user right-click the
file they want to execute and choose an option. I'd rather see people
gradually becoming accustomed to double-clicking a file to open it with
an associated application and utilising a different method to launch
executables. I don't think the physical difference is huge, but the
important distinction between data files and executables can be
highlighted very subtly in this way...

Perhaps a setting for advanced users in the preferences could be to
select an option which allows double-clicking executables to have their
executable bit set as well as right-clicking etc.

Without a doubt the MS-style of using file extentions to determine
whether a file should be executable or not has proved itself to be
vulnerable to pre-school level attacks. Thankfully whatever solution we
come up with here will be better from that point of view, but there may
just be an opportunity to use this to instill some good habits into our
users?

Just my halfpenny's worth :-)

Ciao

--
====================================================================
Zak McGregor
http://www.carfolio.com - Specifications of cars online. Over 7000!
--------------------------------------------------------------------
Of course my password is the same as my pet's name.  
My macaw's name was Q47pY!3, but I change it every 90 days.
====================================================================

Follow-Ups:
- Re: [Nautilus-list] Idea for Nautilus and GMC.
  - From: Pavel Machek

References:
- Idea for Nautilus and GMC.
  - From: Miguel de Icaza

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]