http://bugs.winehq.org/show_bug.cgi?id=59767 --- Comment #1 from Hans Leidekker <hans@meelstraat.net> --- (In reply to Aaron Rainbolt from comment #0)
Arguably, neither of these issues are security vulnerabilities in xdg-desktop-portal or file managers. The `xdg-mime` manpage warns:
Security Note: Never set a handler that will blindly execute code or commands from the file being handled. Such behavior will sooner than later lead to unintended code execution i.e. through a curious user trying to inspect a freshly downloaded file but running it by accident.
Keeping opening and executing separate actions helps with people protecting themselves from malware, the default handler is an opener, not a runner.
Therefore I believe this is an issue with Wine.
Wine is a runner and users have come to expect that double-clicking a .exe launches the executable. Removing the handler registration would break that. It may be up to the packager to disable the registration when installed in a sandbox. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.