Re: [PMH] Idea for Nautilus and GMC.
- From: Miguel de Icaza <miguel ximian com>
- To: Jakub Steiner <jimmac ximian com>
- Cc: nautilus-list eazel com, mc gnome org, prion-me-harder ximian com
- Subject: Re: [PMH] Idea for Nautilus and GMC.
- Date: 24 May 2001 14:44:27 -0400
> I know I do plenty of things every day that can be considered a security
> risk. I run rpm almost every day not really knowing what kind of scripts
> are in the package, not really caring that much where I got the package
> from. 'rm' has an -i alias for root on a RedHat system. For a reason. If
> I \rm my /, if I rpm -i a nasty trojan, it is always me who made a
> specific action that I'm aware of as being a non-standard one. I blame
> _me_ for being such an ass of typing rm --force *.rpm although it was
> actually rpm -Uvh --force *.rpm I wanted. Single click (as that can be
> what most people like in explorer, and probably set that in nautilus to
> launch apps) is not such action.
So we have assessed that you are a seasoned Unix user. Good.
Now, Nautilus is:
1. Not set to launch stuff on single click by default.
2. You ignore the fact that you will get a warning message.
> I would blame the authors of such an
> app to make it so easy to screw up my system.
This argument does not fly. I saw hundreds of people run into trouble
because they figured `Why do I need /bin for?' drag drag to trashcan.
`oops, system does not boot anymore'.
> A binary having an icon of
> a thumbnail of an image of <insert your favourite celeb here> naked would
> not make 99% of users aware it doesn't have to be an image.
A binary would have an executable icon, not an arbitrary image. A
.desktop file on the other hand does. If you get a .desktop file from
the network, you could put any icon you want in there, as long as the
icon is installed in your system.
So you suggest we turn off also .desktop file support then?
The bottom line is:
`The executable bit is not a security mechanism'
And whoever thinks that `execute bit' is a security mechanism is
> To sum it all up. Yes I want gnome to be accessible to anyone. But I
> don't think things like file permissions are a bad obstacle. It's a
> positive obstacle. It's a feature. You are making a point that having
> such a feature will be more positive. Just imagine what kind of articles
> you'd be reading once Unix had its first Melissa-like worm behind. Yes,
> the execute bit is no security feature. It's there to say "no dude, it
> was you who opened the gates".
No, it is not there for that reason. It was historically there
because Unix did not have a VM system, and if you had the execute bit
set, the machine would try to execute something like:
"Hello Dear Mom,"
Which would result in a complete system lock up as the processor tries
to execute "H" as an instruction. It was not designed as a "security"