On Wed, Feb 25, 2009 at 7:56 AM, Johan Dahlin <johan@gnome.org> wrote:
Dan Kegel wrote:
> On Tue, Feb 24, 2009 at 6:07 PM, Scott Ritchie <scott@open-vote.org> wrote:
>> When I brought this up at the Ubuntu Developer Summit a while back, the
>> security conscious there wanted to check an executable for the execute
>> bit before launching it with Wine.  Then, the user would be prompted if
>> they wanted to run it, and if yes the execute bit would be set and the
>> program launched.
>>
>> This check would be skipped if you clicked a link on the start menu
>> (since you obviously meant to launch a program then).
>
> Sounds good.  A helper app could do this for us, I think.
>
>> That said, there's no point becoming "safe" until the desktop also
>> disables single click running of .desktop files that don't have the
>> execute bit set.  It's trivial to write a piece of Linux malware that
>> does whatever you want by making it a .desktop file - you can even make
>> it so it displays as whatever name you like (and not foo.desktop).
>
> Right.  Both changes are needed, the .desktop one more urgently.

That's already solved in nautilus;

http://svn.gnome.org/viewvc/nautilus?view=revision&revision=15003

Johan




Now that Nautilus has the desktop file requiring execute bit, I have a question for all of you to consider. Do JAR files require the +x bit to load them, or are they treated like associated files and run through the interpreter? Really, Windows apps on Linux is basically the same situation as Java applications run through the bytecode interpreter. Most distros do not treat Java JAR files are executables, but rather as an associated file to the JVM. AFAIK, the main difference between the Wine and Java methods is that Wine doesn't sandbox its loading environment, while Java does. If Wine used a W32VM of some kind, then it would make more sense _not_ to require the execute bit. However, it does not use one, so it would make sense to have the execute bit. 

Also, NTFS DOES have a concept of execute bits, but Windows itself does not use them. An implementation of this is the "trusted" app scheme in the properties in Windows Vista and above (I don't remember if XPSP2 had it also). Although this scheme is mostly broken, it was intended to stop the execution of apps just downloaded from the internet from a non-trusted source.