Dan Kegel wrote:
On Mon, Feb 23, 2009 at 4:00 PM, Ben Klein shacklein@gmail.com wrote:
http://www.avertlabs.com/research/blog/index.php/2009/02/23/running-windows-...
"Do not set the file association for Windows executables with Wine. This would enable running Windows executables in Wine by simply double clicking them."
Yes, exactly. The default should be off, and it should be easy to turn on.
And if we're willing to deal with an influx of users complaining why it doesn't work like that any more, we should do it. We'd probably also have to get all the package maintainers on board though.
Yes, this will require a modicum of consensus. We might decide to stay unsafe, or we might decide to make the bindings be in a separate package, so it's easier for admins to flip the switch.
My packaging process doesn't do anything that explicitly associates Wine with exes, but I just tried opening an exe from Thunar and it ran ... interesting. Debian, 1.1.15
Yep.
- Dan
When I brought this up at the Ubuntu Developer Summit a while back, the security conscious there wanted to check an executable for the execute bit before launching it with Wine. Then, the user would be prompted if they wanted to run it, and if yes the execute bit would be set and the program launched.
This check would be skipped if you clicked a link on the start menu (since you obviously meant to launch a program then).
That said, there's no point becoming "safe" until the desktop also disables single click running of .desktop files that don't have the execute bit set. It's trivial to write a piece of Linux malware that does whatever you want by making it a .desktop file - you can even make it so it displays as whatever name you like (and not foo.desktop).
Thanks, Scott Ritchie