On Tuesday 24 February 2009 8:57:23 pm Scott Ritchie wrote:
It would also make it completely unusable. Remember, all downloaded executables (even intentionally downloaded ones) will be -x by default. Do you really expect users to go right click->properties->permissions->allow execution? Or will they just conclude that it doesn't work.
I would expect them to mark it executable. That's how most Unix systems work. A Linux-native executable/script would need to be set as executable by the user all the same.
Worse, you could actively irritate them - suppose they do double click and you DONT offer the ability to open it, but instead instruct them to go through that annoying procedure.
It's hardly annoying as it takes all of two seconds (or less). It's part of normal system operation that the user will already have to deal with outside of Wine. And at least they'll know that it's something that is going to be executing, instead of simply opened/read. Trading safety for user convenience like that is a bad habit to pick up.
Not necessarily. Along with the .desktop trojan, the blog I read also showed how to override system menu entries (by placing a replacement in the local folder which will override the system one). So the link you clicked on may not be what you intended..
But in order to do that a malicious script has to already be running! Such a system is already owned.
True enough, I suppose. It just seems unnecessary to me to special-case it since a program installed via Wine (that would have created such a menu entry) is already marked as +x. What kind of scenario would there be for a user to have a menu entry and the program its pointing to to unknowingly be -x?