Blocking execution of non-exec things
Kees Cook
kees at ubuntu.com
Tue Jan 12 18:45:55 GMT 2010
Hi,
On Tue, Jan 12, 2010 at 07:40:12PM +0100, Milan Bouchet-Valat wrote:
> Le mardi 12 janvier 2010 à 10:19 -0800, Kees Cook a écrit :
> > Hello!
> >
> > As part of implementing the "Execute-Permission Bit Required" policy[1], I
> > need to make changes to a few MIME handlers and to the nautilus .desktop
> > file handler.
> >
> > The main issue is that of the error message to produce, and I'm hoping to
> > get some input for that from the Desktop team.
> Maybe you already know about it, but here's the thread in
> desktop-devel-list where it was decided how to phrase the dialog shown
> when .desktop files don't have +x set:
> http://www.mail-archive.com/desktop-devel-list@gnome.org/msg15440.html
>
> There, the message was:
> > The application launcher %s is not marked as trusted. If this
> > application launchers source is unknown to you then it may be unsafe to
> > launch.
>
> Sure, it doesn't do what you want, since it provides that bad button
> "Launch Anyway" (which was there for transition mainly). Anyway, that
> might be an inspiration, you could just remove the button.
Right, this is about strengthening that message further. I've already
uploaded a patch to remove the other buttons. :)
Thanks,
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-desktop
mailing list