[Nautilus-list] Re: [PMH] Idea for Nautilus and GMC.

> I know I do plenty of things every day that can be considered a security
> risk. I run rpm almost every day not really knowing what kind of scripts
> are in the package, not realy caring that much where I got the package
> from. 'rm' has an -i alias for root on a RedHat system. For a reason. If
> I \rm my /, If I rpm -i a nasty trojan, it is always me who made a
> specific action that I'm aware of as being a non-standard one. I blame
> _me_ for being such an ass of typing rm --force *.rpm although it was
> actually rpm -Uvh --force *.rpm I wanted. Single click (as that can be
> what most people like in explorer, and probably set that in nautilus to
> launch apps) is not such action. 

So we have assessed that you are a seasoned Unix user.  Good.

Now, Nautilus is:

	1. Not set to launch stuff on single click by default.

	2. You ignore the fact that you will get a warning message.

> I would blame the authors of such an
> app to make it so easy to screw up my system. 

This argument does not fly.  I saw hundreds of people ran into trouble
because they figured `Why do I need /bin for?' drag drag to trashcan.
`oops, system does not boot anymore'.  

> A binary having an icon of
> a thumbnail of an image of <insert you favourite celem here> naked would
> not make 99% of users aware it doesn't have to be an image. 

A binary would have an executable icon, not an arbitrary image.  A
.desktop file on the other hand does.  If you get a .desktop file from
the network, you could put any icon you want in there, as long as the
icon is installed in your system.

So you suggest we turn off also .desktop file support then?

The bottom line is:

	`The executable bit is not a security mechanism' 

And whoever thinks that `execute bit' is a security mechanism is

> To sum it all up. Yes I wan't  gnome to be accessible to anyone. But I
> don't think things like file permissions are a bad obstacle. It's a
> positive obstacle. It's a feature. You are making a point that having
> such a feature will be more positive. Just imagine what kind of articles
> you'd be reading once Unix had its first Melissa-like worm behind. Yes,
> the execute bit is no security feature. It's there to say "no dude, it
> was you who opened the gates".

No, it is not there for that reason.  It was historically there
because Unix did not have a VM system, and if you had the execute bit
set, the machine would try to execute something like:

	"Hello Dear Mom,"

Which would result in a complete system lock up as the processor tries
to execute "H" as an instruction.  It was not designed as a "security"


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]