On Tuesday 24 February 2009 20:33:49 Chris Robinson wrote:
On Monday 23 February 2009 5:14:20 pm Marcel Partap wrote:
The problem would be with one of the more common use case: trying to start/install a program from an optical disc. The files will not be marked +x and the directories not be writable.
They're +x for me. They're not writable, but they don't need to be.
Maybe if you mount the disc with the noexec option the files aren't +x, but that's exactly what's supposed to happen.. prevent execution of programs on the mounted filesystem. The same issue would exist if the user had a CD with Linux programs on it. Why should Wine deliberately side-step such a security feature? Just because it's an exe loaded by Wine instead of loaded directly by the system shouldn't change what happens, IMO.
Despite from the install-from-cdrom issue, few users that have (been) switched from windows to linux will know how to chmod +x a file, so wine would at least have to give them a hint (or even a button) to do it.
I don't think Wine needs to bring up a button. It's easy enough to say to run chmod +x, and it's possible to say how to do it in the file manager (right- click the exe->Properties->Permissions, select that it's executable; I don't imagine it's too different across the default file managers).
If the user goes through the trouble of explicitly marking the exe as executable, then it's on their hands. Ignoring the executable flag or using a passive click-through dialog is an accident waiting to happen.
Maybe a better solution would be to introduce an optional dependency on ClamAV and tight integration with it - known malware could be filtered and distributors would have greater interest in contributing to continuous ClamAV signature updates..
I don't think it's Wine's place to save users from themselves. However, it should be Wine's place to honor basic system security options the user has set, and not double-guess them.
Those are not security options and were never intended to be.
The +x permission or noexec mount option are more convenient ways of disabling POSIX execution of files that are not supposed to be executable or on filesystems that does not support POSIX permissions.
My FAT partitions disable +x through file mode mount option since I don't want the kernel to attempt to identify and execute every unknown file I happen to open/click/hit enter. On those partitions there are no POSIX executables but plenty of Win32 ones - many of them shared between Windows and Wine.