Blocking execution of non-exec things

Kees Cook kees at
Tue Jan 12 18:45:55 GMT 2010


On Tue, Jan 12, 2010 at 07:40:12PM +0100, Milan Bouchet-Valat wrote:
> Le mardi 12 janvier 2010 à 10:19 -0800, Kees Cook a écrit :
> > Hello!
> > 
> > As part of implementing the "Execute-Permission Bit Required" policy[1], I
> > need to make changes to a few MIME handlers and to the nautilus .desktop
> > file handler.
> > 
> > The main issue is that of the error message to produce, and I'm hoping to
> > get some input for that from the Desktop team.
> Maybe you already know about it, but here's the thread in
> desktop-devel-list where it was decided how to phrase the dialog shown
> when .desktop files don't have +x set:
> There, the message was:
> > The application launcher %s is not marked as trusted. If this
> > application launchers source is unknown to you then it may be unsafe to
> > launch.
> Sure, it doesn't do what you want, since it provides that bad button
> "Launch Anyway" (which was there for transition mainly). Anyway, that
> might be an inspiration, you could just remove the button.

Right, this is about strengthening that message further.  I've already
uploaded a patch to remove the other buttons.  :)



Kees Cook
Ubuntu Security Team

More information about the ubuntu-desktop mailing list