Nautilus should ignore the +x bit
- From: Mike Hearn <mike navi cx>
- To: nautilus-list gnome org
- Subject: Nautilus should ignore the +x bit
- Date: Mon, 09 May 2005 20:10:35 +0100
Hi,
I'd like to request that Nautilus be modified to run shell scripts even if
they don't have the +x bit. There are two parts to the rationale:
1) The +x bit adds no security. It can be trivially bypassed by simply
enabling it in the UI, or by copy/pasting something into the command
line. Once the user has made a decision to run a program, the desktop
should not make people jump through arbitrary hoops, it should just do
it
2) More pragmatically, Codeweavers is getting more and more users who
file support tickets along the lines of "I bought your product but
nothing happens when I click the installer!". A few years ago we got
one of these maybe every few months and they were just a curiosity,
but as Linux has become easier to use we're getting many more
non-technical users (yay!) to whom UNIX foibles like the +x bit are
alien. Sanding off this usability rough edge would reduce our workload
a bit.
Here are some common objections so I can try and swat them before things
turn into a full-on flamewar :)
Q: "The +x bit is the UNIX standard security system, we shouldn't ignore
it"
A: Of course we should, GNOME already tries to hide the UNIX FHS and
other scary bits of traditional UNIX geekery. This is no different.
Q: What about noexec mounts?
A: Users can already circumvent the noexec bit for shell scripts anyway,
so it makes no difference.
Q: If users can download and run stuff easily Linux will be full of spyware
A: They already can, and the process of enabling the +x bit adds no
additional information to what the user already has so it won't affect
their decision to run the program. If we want to build some
quarantining/blacklist system then that is a whole other topic, which
is orthogonal to this one.
Q: Why don't you just ship the installer in a tarball?
A: Because this is lame, adds additional complexity for users who already
have too much, and is working around the desktop not being easy to use
instead of fixing it
Q: Why do you ship self-extracting installers instead of DEBs/RPMs/Slackpacks/etc?
A: Because users seem to prefer them, and because many distros aren't set
up to graphically install RPMs/DEBs/whatevers when clicked on.
thanks -mike
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]