smithjd added a comment.
In D15718#330864 <https://phabricator.kde.org/D15718#330864>, @ngraham wrote: > Making files executable that don't need to be executable is a bad security habit. What if the contents get replaced with something malicious? Suddenly that now-malicious file has execute permissions. Replacing a file's contents requires write permissions on the file. I have plenty of executable shell scripts that aren't an immediate security risk, though I suppose if someone gained write privileges over my home statistically speaking a shell script is (currently) the most likely choice to gut and replace with malicious code. If an attacker already has write permission over your home you have bigger problems than a forgotten set-executable file in it somewhere anyway. The patched state of that machine's software packages dictates how devastating that payload was to your administrator, meanwhile your home has probably been wiped. > > > --- > > Conceptually, you are proposing that the rest of the world adapt to our software, rather than the other way around. That's simply not practical. Even if this were a good idea, the world will never adapt to us. We must adapt to the world. Our software does not exist in a perfect state of total control over the environment it inhabits; it exists to facilitate busy people with messy lives as they work to accomplish their tasks with a minimum of hassle. That goal is not enhanced by breaking KDE Plasma's search tool for them unless they give all of their files execute permissions. > > Sorry, no go. We need to find a better way. REPOSITORY R293 Baloo REVISION DETAIL https://phabricator.kde.org/D15718 To: smithjd, ngraham, #baloo Cc: bruns, ngraham, kde-frameworks-devel, #baloo, ashaposhnikov, michaelh, astippich, spoorun, abrahams
