Malicious software in Windows has been known to try getting past simple file type checks by spreading a zip file containing the actual executable.
In our case, a user could get a tarball containing an executable with the +x bit set from a malicious user. Perhaps make file-roller ask the user before unpacking archives that have the executable bit set. -- needs to block non-executable files from executing https://bugs.launchpad.net/bugs/506702 You received this bug notification because you are a member of OpenJDK, which is subscribed to openjdk-6 in ubuntu. Status in “mime-support” package in Ubuntu: Fix Released Status in “nautilus” package in Ubuntu: In Progress Status in “openjdk-6” package in Ubuntu: Fix Released Status in “sun-java6” package in Ubuntu: In Progress Status in “wine” package in Ubuntu: Fix Released Status in “wine1.2” package in Ubuntu: New Bug description: Binary package hint: nautilus Following the ratification of the "Execute-Permission Bit Required" security policy, several packages need to have their mime handlers updated to reject opening of various file types that are actually executables when they lack the execute bit. https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission%20Bit%20Required _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : [email protected] Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp
