Blocking execution of non-exec things
Kees Cook
kees at ubuntu.com
Tue Jan 19 15:25:20 GMT 2010
On Tue, Jan 19, 2010 at 11:38:54AM +0100, Martin Pitt wrote:
> Kees Cook [2010-01-12 10:19 -0800]:
> > As part of implementing the "Execute-Permission Bit Required" policy[1], I
> > need to make changes to a few MIME handlers and to the nautilus .desktop
> > file handler.
> >
> > The main issue is that of the error message to produce, and I'm hoping to
> > get some input for that from the Desktop team.
>
> I actually find the current error message text quite good. Keeping it
> would also mean to not break all the existing translations.
>
> How about we just drop the "Start anyway" and "Mark as trustworthy"
> (translated from German) buttons and replace it with a "Explain..."
> button which pops up a message box with further text, or opens a web
> browser with a wiki page?
Sure, that sounds good. For people upgrading from Hardy, I'm thinking we
need to preserve the Start/Mark buttons when the .desktop has a ctime
(marking a .desktop as executable doesn't change mtime) below a certain
date; perhaps the release date of Karmic?
For the Wiki, I've built:
https://wiki.ubuntu.com/Security/ExecutableBit
Currently the mime-support patch points there, but "cautious-launcher"
(for MIME handlers) needs to be translatable.
-Kees
--
Kees Cook
Ubuntu Security Team
More information about the ubuntu-desktop
mailing list