Hello Enrico,
On Tue., Jan. 07 2020, Enrico Weigelt wrote:
> What might be supposed to be convenience functionality, poses a real-life
> security threat:
>
> A user can be tricked to download malicious code, unpack it with
> +x permissions (eg. via tar) and execute it by just clicking on the icon.
>
> In combination with other techniques (eg. homoglyphs), even more experienced
> users can be tricked to "open" some supposedly harmless file type, while Thunar
> in fact executes a binary - with full user's privileges. (the same approach
> is one of the primary infection vectors used by thousands of malwares in
> Windows world, which already caused gigantic damages).
>
> Therefore introduce a new setting and only execute programs if explicitly
> enabled.

That's great!
Have you tried poking Thunar's developers into merging such a feature?
This is where the developers would like such things:
https://docs.xfce.org/xfce/thunar/bugs
It'd really be the best place for a setting like this to land and
benefit all Thunar users out there (which are not limited to
Debian-like or even Linux, but also include the BSDs).
Cheers!
--
Evilham