Default vfat file permissions - why executable?
Ethan Baldridge
ethan at superiordocumentservices.com
Wed Oct 7 19:14:49 UTC 2009
-----Original Message-----
From: Brian Vidal [mailto:dael99 at gmail.com]
Sent: Wednesday, October 07, 2009 12:07 AM
To: ubuntu-devel-discuss at lists.ubuntu.com
Cc: Ethan Baldridge
Subject: Re: Default vfat file permissions - why executable?
>On Tue, 06 Oct 2009 17:45:37 -0400, Ethan Baldridge
><ethan at superiordocumentservices.com> wrote:
>
>> This is broken - Nautilus should be using magic numbers, not extensions.
>> If the .bin file is actually an executable shell script it shouldn't be
>> assumed to be a Mac OSX binary. You should file a bug report. I haven't
>> noticed this behavior yet, but it's definitely broken if you're right.
>
>I'll do that, as soon as I remember from where I've downloaded the '.bin'
>(...could have been 'Titanium'?)
>
>> Sorry, but IMO this is an awful idea - file operations should not be
>> dependent on arbitrary parts of the filename. See your problem with .bin
>> files above for an example why not.
>
>I have to accept that the .bin recognition will not solve the malware problem,
>but nowadays if I double click an '.exe' expecting to have a wine application there's
>no guarantee that I will have this really.
Well yeah, but that's because any file can be renamed "something.exe" - that has no bearing on the type of data it contains (if I'm misunderstanding you, let me know). Plus dotNET apps are named .exe for some reason. And occasionally ELF binaries that have been ported by well-meaning but perhaps less-than-clueful developers coming from the Windows world. But a port is better than a flamewar even if the file is named peculiarly. :)
In any case, what should happen when you double click on the file is that Nautilus/gnome-open looks at the magic and says "MZ - this is a windows binary!" and opens it in Wine if you have it installed (or rather, whatever you have set to open files of type "Windows executable").
>
>> To help prevent malware, I would say a better idea would be to issue a
>> warning if running an executable file from outside of $PATH. "You are
>> about to run a non-system executable. If you do not expect this file to
>> be an executable program or you do not trust the source, please cancel
>> the operation. [More Info] [Execute] [Cancel]" or something like that.
>
>This could be a good idea, but you are forgetting non-GNU applications
>like Quake Wars,
>for example.
But those still put an executable or a symlink into one of /usr/local/bin || /opt/bin || /usr/local/games (or /usr/bin, even though they shouldn't) when installed system-wide. When installed for a single user the binary goes into his $HOME/bin (which I don't think is in the default $PATH on install, but I would argue that it probably should be, at least for uid>=1000).
So when executed it wouldn't give the warning, unless you're talking about the installer, which I would say precisely fits the definition of a non-system binary.
>
>If the user (maybe a noob) downloads a file and it's a '.bin' he will get this
>message... I would get afraid.
That's the whole point of having the scary message. Think before you run executable code from third-parties. :) I did try to word my example in a more understandable way than what Windows uses when you download a .exe via Internet Explorer, so hopefully people would be more inclined to read it. But if any usability experts want to take up the idea, it could probably be improved more. :)
>
>But I see your point and I think that beyond going to change the way that the binaries
>are treated, we should focus on how the user is dealing with them.
>
>And, your idea is better. +1 to implement this.
Thanks!
But to the original point of the thread: I agree in principle with dmask=000 (or 022), fmask=111 (or 133) on non-Unix partitions.
However, I just read the bug comment alluded to earlier, and it looks like Ubuntu uses binfmt_misc for execution instead of setting Wine to execute Windows binaries. So hmm...
Honestly I think binfmt_misc is more trouble than it's worth most of the time (notable exceptions being Unicode shell scripts), unless Ubuntu is going to start assigning loaders to everything. Why can't I run ./GEOS.c64 at the command line and have it automatically start VICE?
I'd rather leave win32 binaries non-executable and have gnome-open decide what to do with it, same as any other data file.
-Ethan
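
Added example, not part of the original message and not code from Nautilus or gnome-open: a sketch of the two checks discussed in this thread, classifying a file by its leading magic bytes instead of its extension and flagging executable content launched from outside $PATH. The function names, the three-entry signature table, the choice to apply the warning to all three executable kinds, and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Illustrative subset of leading-byte signatures (assumption, not a full magic database).
MAGIC = ((b"MZ", "windows-executable"), (b"\x7fELF", "elf-executable"), (b"#!", "script"))

def sniff(path):
    """Classify a file by its first bytes; the file name is never consulted."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "data"

def in_path(path, path_env):
    """True if the directory the file was launched from is a $PATH entry.

    Only directories are resolved, so a symlink placed in a $PATH directory
    still counts as being in $PATH.
    """
    parent = os.path.realpath(os.path.dirname(os.path.abspath(path)))
    dirs = {os.path.realpath(d) for d in path_env.split(os.pathsep) if d}
    return parent in dirs

def launch_decision(path, path_env):
    """Return (kind, warn); warn is set for executable content outside $PATH."""
    kind = sniff(path)
    return kind, kind != "data" and not in_path(path, path_env)

def demo():
    """Write constructed sample files and return the decision for each name."""
    samples = {
        ("downloads", "setup.exe"): b"#!/bin/sh\necho hi\n",  # script named .exe
        ("downloads", "notes.bin"): b"plain text\n",          # data named .bin
        ("downloads", "tool.txt"): b"MZ\x90\x00",              # MZ header named .txt
        ("bin", "game"): b"\x7fELF\x02\x01\x01\x00",           # ELF inside $PATH
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        path_env = os.path.join(root, "bin")  # constructed one-entry $PATH
        for (sub, name), data in samples.items():
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            target = os.path.join(root, sub, name)
            with open(target, "wb") as fh:
                fh.write(data)
            results[name] = launch_decision(target, path_env)
    return results

if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

The script named setup.exe is reported as a script and the MZ file named tool.txt as a Windows executable, and both are flagged because they sit outside the constructed $PATH.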