On 25/02/09 01:54, Ben Klein wrote:
2009/2/25 Chris Robinson <chris.kcat@gmail.com>:
On Tuesday 24 February 2009 3:46:53 pm Paul Chitescu wrote:
My FAT partitions disable +x through file mode mount option since I don't want the kernel to attempt to identify and execute every unknown file I happen to open/click/hit enter. On those partitions there are no POSIX executables but plenty of Win32 ones - many of them shared between Windows and Wine.
If you want to execute something (Wine or otherwise), why set -x? If you set a file to be -r, would you expect to read it in Wine, still? Or if it's -w, would you expect Wine apps to be able to write to it? Of course you wouldn't, so why should x be different?
If you require an exe to be +x, it becomes quite a bit more difficult to unintentionally run it. Unsolicited files do not get +x, thus it's impossible to execute them, accidentally or carelessly (sans the .desktop file issue that has come up, again, recently). If you ignore the +x, then all it takes is a mis-click on an email or some other simple mistake.
"Unsolicited" files will get +x with default mount options on vfat/fat partitions, because ALL files on such partitions get +x this way.
I would at least like to see Wine respect noexec, if possible. I understand concerns about Wine respecting +x, due mainly to CD-based installers that may or may not have +x set on the files, but I think it would also be the *correct* thing to do. Possibly have some registry entry disable the +x check? This would be particularly useful on a per-application basis, allowing the construction of a whitelist.
After all the discussion it still seems to me as if Wine should neither rely on filesystems being mounted exec nor +x executables for now but instead really try and loosely integrate with the only FOSS anti-virus solution there is, ClamAV. Better than annoying one half of the users with non-runnable programs and giving the other half a false sense of security. regards.
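The two checks debated in this thread (the `noexec` mount flag and the file's +x bit) can be written as a small loader-side policy. This is an added example, not part of the thread and not Wine code; `exec_policy`, `check_fd` and the `ignore_x_bit` switch (standing in for the per-application override suggested above) are hypothetical names.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc exposes ST_NOEXEC only with this */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, fallback if the header hid it */
#endif

enum verdict { ALLOW, DENY_NOT_REGULAR, DENY_NOEXEC_MOUNT, DENY_NO_X_BIT, DENY_STAT_FAILED };

/* Pure decision. ignore_x_bit models the hypothetical per-application
 * override proposed in the thread; noexec is honoured regardless. */
enum verdict exec_policy(mode_t mode, unsigned long mnt_flags, int ignore_x_bit)
{
    if (!S_ISREG(mode))
        return DENY_NOT_REGULAR;
    if (mnt_flags & ST_NOEXEC)
        return DENY_NOEXEC_MOUNT;
    /* Simplification: any x bit counts, not just the caller's own class. */
    if (!ignore_x_bit && !(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return DENY_NO_X_BIT;
    return ALLOW;
}

/* Inspect an open descriptor so the file checked is the file loaded. */
enum verdict check_fd(int fd, int ignore_x_bit)
{
    struct stat st; struct statvfs vfs;
    if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0)
        return DENY_STAT_FAILED;
    return exec_policy(st.st_mode, vfs.f_flag, ignore_x_bit);
}

int main(int argc, char **argv)
{
    static const char *names[] = { "allow", "not a regular file",
        "noexec mount", "no +x bit", "stat failed" };
    for (int i = 1; i < argc; i++) {
        int fd = open(argv[i], O_RDONLY);
        printf("%s: %s\n", argv[i], names[check_fd(fd, 0)]);
        if (fd >= 0) close(fd);
    }
    return 0;
}
```

Run against files on a vfat partition mounted with default options, every regular file reports "allow", which is the behaviour described in the thread: the mode bits there come from the mount options, not from the file.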