# Re: [PMH] Idea for Nautilus and GMC.

• From: Jakub Steiner <jimmac ximian com>
• To: Miguel de Icaza <miguel ximian com>
• Cc: nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
• Subject: Re: [PMH] Idea for Nautilus and GMC.
• Date: 24 May 2001 11:56:50 +0200

On 23 May 2001 15:17:40 -0400, Miguel de Icaza wrote:

Every "will linux email clients be threatened by melissa-like worms?"
article ends with "we have the execute bit 'security'". I vote for not
having this feature implemented...


You realize that this gives you no security at all right?  That if
someone inserts a virus/trojan into a program that you trust you will
go and set the bit manually, and you will run it, and you will not get
a warning, and you will be just as bad, right?

So who are you trying to fool here?


Hi Miguel,
I know I do plenty of things every day that can be considered a security
risk. I run rpm almost every day not really knowing what kind of scripts
are in the package, not realy caring that much where I got the package
from. 'rm' has an -i alias for root on a RedHat system. For a reason. If
I \rm my /, If I rpm -i a nasty trojan, it is always me who made a
specific action that I'm aware of as being a non-standard one. I blame
_me_ for being such an ass of typing rm --force *.rpm although it was
actually rpm -Uvh --force *.rpm I wanted. Single click (as that can be
what most people like in explorer, and probably set that in nautilus to
launch apps) is not such action. I would blame the authors of such an
app to make it so easy to screw up my system. A binary having an icon of
a thumbnail of an image of <insert you favourite celem here> naked would
not make 99% of users aware it doesn't have to be an image. Nasty things
like this are always targeted at masses.

To sum it all up. Yes I wan't  gnome to be accessible to anyone. But I
don't think things like file permissions are a bad obstacle. It's a
positive obstacle. It's a feature. You are making a point that having
such a feature will be more positive. Just imagine what kind of articles
you'd be reading once Unix had its first Melissa-like worm behind. Yes,
the execute bit is no security feature. It's there to say "no dude, it
was you who opened the gates".

Jakub.
--
-[ jimmac ximian com ]-[ http://jimmac.musichall.cz ]-

"even a stopped clock gives a right time twice a day"