Chris Robinson wrote:
On Tuesday 24 February 2009 6:07:08 pm Scott Ritchie wrote:
When I brought this up at the Ubuntu Developer Summit a while back, the security-conscious there wanted to check an executable for the execute bit before launching it with Wine. Then, the user would be prompted if they wanted to run it, and if yes the execute bit would be set and the program launched.
Seems a bit too easy to me for this to be ineffective. It's been repeated often around here how people, especially Windows users, are conditioned to click "Yes" and not actually see or comprehend what they're clicking yes to ("I thought it was going to open it in notepad, not run it!"). IMHO, it would be better if they had to take the initiative to mark it +x, then run it again. That would prevent these kinds of surprises.
It would also make it completely unusable. Remember, all downloaded executables (even intentionally downloaded ones) will be -x by default. Do you really expect users to go right click->properties->permissions->allow execution? Or will they just conclude that it doesn't work?
Worse, you could actively irritate them - suppose they do double click and you DON'T offer the ability to open it, but instead instruct them to go through that annoying procedure.
This check would be skipped if you clicked a link on the start menu (since you obviously meant to launch a program then).
Not necessarily. Along with the .desktop trojan, the blog I read also showed how to override system menu entries (by placing a replacement in the local folder which will override the system one). So the link you clicked on may not be what you intended.
But in order to do that a malicious script has to already be running! Such a system is already owned.
Thanks, Scott Ritchie