Re: Nautilus should ignore the +x bit



On Wed, 2005-05-11 at 10:40 +0200, Danny Milosavljevic wrote:
> yes, copy/pasting and adding some non-trivial text, that is. I'd say
> that's pretty hard to do "accidentally"

Well, by that I meant that emails could ask people to do it. 

> "the user has made a decision to run a program" is only half the story.
> If it doesn't have +x, it _is no program_. 

That's a rather strange way to look at it. A shell script is definitely
a program no matter how it's marked.

> And as for now, shell scripts *are* only recognizable as executable
> program by the +x flag (hmm ok, and maybe the shebang, if available at
> all).

Exactly ...

> I think the root cause is the browser not flagging the shell script as
> executable (the browser should check that and just ask if it should add
> +x, really - maybe use a special mime type for shell script transfer so
> it is obvious without having to download the file first)

That's another way to look at it, but it's not just browsers but any
program that can retrieve data from some source (so p2p programs,
download managers, email clients, chat programs etc). IMHO the problem
is that the +x bit doesn't add security, so it should be ignored, rather
than hacking around the problem in every single program.

> > Q: What about noexec mounts?
> > A: Users can already circumvent the noexec bit for shell scripts anyway,
> >    so it makes no difference.
> 
> I'd say then that (which makes them able to circumvent the noexec bit
> easily) would be a bug. What is it?

Well, "bash foo.sh". Or for ELF binaries execute it using the linker
directly.

> > Q: Why don't you just ship the installer in a tarball?
> > A: Because this is lame, adds additional complexity for users who already
> >    have too much, and is working around the desktop not being easy to use
> >    instead of fixing it
> 
> That depends on how tarballs are handled. 
> MacOS9 (which I have on my very very old powermac here :)) does it that
> way:
> Whenever you click on a stuffit archive, it will automagically (and
> instantly) get extracted into the current directory into a new subfolder
> (and when I started using macos after using windows first I went "HUH?!
> Why doesn't a window/app appear" but about two seconds later I saw the
> new folder that appeared - plus, if the extractor program notices that
> there already is a folder, it could say "Hey lookie there, there is a
> folder, maybe you already clicked on the tarball")

That'd certainly be a nicer way of handling tarballs. Alternatively some
MacOS X style DMG disk image that the desktop understands and can mount
would be good (but you need some way to mount them without root).

> I don't see how that could get difficult to use at all, ever. Please do
> tell me how :)

No I think that'd be OK, though the net result is that the user doesn't
have to set the +x bit _which is exactly what I'm proposing_ :) Why is
it better to wrap something in a container so the user doesn't have to
mess around with properties than simply to not need that messing about
in the first place?

> Plus, just have the browser check the mime type of the shell script that
> will be downloaded and figure out that it should +x it, I can't see any
> shortcoming with that (ok, other than it adds a confirmation dialog to
> the download process - which could be considered a good thing).

That only fixes it for one browser, but there are lots. And then there's
all the other programs I mentioned above.

thanks -mike
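
Added example, not part of the original message: a shell sketch of the point argued in the thread, that a file's content (shebang or ELF magic) identifies it as a program whether or not +x is set, and that an interpreter still runs a script marked 0644. The function names and the sample files are hypothetical and constructed for this illustration.

```shell
#!/bin/sh
# Added example: file content, not the mode bits, decides what a file is.
# All sample files are constructed in a temporary directory.

# Classify by leading bytes, ignoring permissions: script | elf | other
classify() {
    magic=$(od -An -c -N 4 "$1" | tr -d ' \n')
    case "$magic" in
        '#!'*)  echo script ;;
        177ELF) echo elf ;;      # od -c prints byte 0x7f as octal 177
        *)      echo other ;;
    esac
}

# List files under a directory that are programs by content but lack owner +x.
unmarked_programs() {
    find "$1" -type f ! -perm -100 | while IFS= read -r f; do
        kind=$(classify "$f")
        [ "$kind" = other ] || printf '%s %s\n' "$kind" "${f##*/}"
    done | sort
}

# Try both launch paths from the thread: direct exec versus "sh file".
launch_paths() {
    if "$1" >/dev/null 2>&1; then direct=ok; else direct=denied; fi
    if sh "$1" >/dev/null 2>&1; then interp=ok; else interp=denied; fi
    echo "direct=$direct interp=$interp"
}

# Build constructed samples (all mode 0644, no +x) and print the directory.
make_samples() {
    sdir=$(mktemp -d)
    printf '#!/bin/sh\necho hello\n' > "$sdir/installer.sh"
    printf '\177ELF\002\001\001' > "$sdir/tool.bin"   # ELF magic only, not a real binary
    printf 'just notes\n' > "$sdir/readme.txt"
    chmod 644 "$sdir"/*
    echo "$sdir"
}

dir=$(make_samples)
unmarked_programs "$dir"            # elf tool.bin / script installer.sh
launch_paths "$dir/installer.sh"    # direct=denied interp=ok
rm -rf "$dir"
```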



