2009/2/26 King InuYasha ngompa13@gmail.com:
Now that Nautilus has the desktop file requiring execute bit, I have a question for all of you to consider. Do JAR files require the +x bit to load them, or are they treated like associated files and run through the interpreter? Really, Windows apps on Linux is basically the same situation as Java applications run through the bytecode interpreter.
You just answered your own question. Java is interpreted and has to be passed through a compatible byte-code interpreter. Wine does not interpret PE files in this fashion, and cannot because it is not and does not have a CPU emulator. So a JAR file should run if passed as an argument to the interpreter, just like what happens with the scripting languages that open the file for reading instead of trying to fork and execute.
Also, NTFS DOES have a concept of execute bits, but Windows itself does not use them. An implementation of this is the "trusted" app scheme in the properties in Windows Vista and above (I don't remember if XP SP2 had it also). Although this scheme is mostly broken, it was intended to stop the execution of apps just downloaded from the internet from a non-trusted source.
NTFS has the concept of metadata. Windows does not use it as an equivalent for +x bit though. And even if it did, it wouldn't be a big help for Wine, because Wine doesn't like NTFS :)
2009/2/26 Scott Ritchie scott@open-vote.org:
It's hardly annoying as it takes all of two seconds (or less). It's part of normal system operation that the user will already have to deal with outside of Wine. And at least they'll know that it's something that is going to be executing, instead of simply opened/read. Trading safety for user convenience like that is a bad habit to pick up.
It takes about 2 seconds once you've learned how to do this, but this is hardly an easily discoverable task.
One word for you: EDUCATION. Newbies should be taught how things work. We shouldn't base all our usability decisions on what they expect. They expect it to "just work". The only case we're talking about here where it won't "just work" is when they download an app to install; in this case they have to +x it explicitly. Just like if it was a regular ELF executable.
Regardless, when a user says "open the program" twice in a row - by clicking on it and then clicking "run this program" on the associated dialog box, I think it best we got out of their way rather than assume they actually meant "no, don't run it until I make 4 more clicks on a different tab in the preferences dialog."
Wow 4 more clicks? That might give me RSI! Why don't we get out of their way entirely and automatically run wineboot when they log on to an X session, so they get Steam and all their trojans running without warning?
People seem to forget that security comes at the cost of convenience. In my opinion, requiring +x is not just about security (for downloaded applications in particular) but about correctness. Wine is not an interpreter, it's a binary loader. It should act like a binary loader and respect +x. If possible, it should respect the noexec mount option too.
Does Wine do this in all cases (mark installed executables as +x)?
I believe so. As has been mentioned, Wine goes to great lengths to make sure EXEs are marked +x, but it doesn't do anything else with it. I expect that this is mostly to keep binfmt-misc happy.
What this thread needs now is a final decision from AJ. :)
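
The check argued for in this thread (a binary loader that refuses files without +x and files on a noexec mount), sketched as an added example; it is not part of the thread and not Wine code. The names `may_load_binary` and `load_verdict` are hypothetical, and the `ST_NOEXEC` fallback value of 8 assumes Linux.

```c
/* Added illustration, not Wine code: a pre-load gate for a binary loader. */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC        /* glibc hides it without _GNU_SOURCE */
#define ST_NOEXEC 8      /* assumption: Linux mount-flag value */
#endif

enum load_verdict {
    LOAD_ALLOW = 0,
    LOAD_DENY_NOT_REGULAR,    /* directory, device, FIFO, ... */
    LOAD_DENY_NO_EXEC_BIT,    /* no x bit set for anyone */
    LOAD_DENY_NOEXEC_MOUNT,   /* filesystem mounted noexec */
    LOAD_DENY_NO_PERMISSION,  /* x bit exists, but not for this user */
    LOAD_ERROR                /* stat/statvfs failed: fail closed */
};

/* Decide whether a loader should map and run the file at path. */
enum load_verdict may_load_binary(const char *path)
{
    struct stat st;
    struct statvfs vfs;

    if (stat(path, &st) != 0)
        return LOAD_ERROR;
    if (!S_ISREG(st.st_mode))
        return LOAD_DENY_NOT_REGULAR;
    if ((st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)
        return LOAD_DENY_NO_EXEC_BIT;
    if (statvfs(path, &vfs) != 0)
        return LOAD_ERROR;
    if (vfs.f_flag & ST_NOEXEC)
        return LOAD_DENY_NOEXEC_MOUNT;
    if (access(path, X_OK) != 0)   /* checked against the real UID/GID */
        return LOAD_DENY_NO_PERMISSION;
    return LOAD_ALLOW;
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    enum load_verdict v = may_load_binary(argv[1]);
    printf("%s: verdict %d\n", argv[1], (int)v);
    return v == LOAD_ALLOW ? 0 : 1;
}
```

The check is advisory: the file can change between the check and the load, so a loader would apply it to the descriptor it actually maps (`fstat`/`fstatvfs`) rather than to the path.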