Waldo Bastian wrote: >This isn't about executable bits but about not executing binary program files. > > "binary" Does that include e.g. python scripts?
>I will adjust the wording to make this more clear. > > Thanks for all your great work. >Cheers, >Waldo > >On Tuesday 14 March 2006 11:22, Peter wrote: > > >>I have a concern about autoopen in the autostart-spec. I'll start with >>a quote: >> >>The relative path MUST NOT point to an executable file. ... If the >>relative path points to an executable file then the desktop environment >>MUST NOT execute the file. >> >>I don't know exactly how Windows-free you guys are, but consider if >>someone wants a cross-platform medium of some kind. They would >>certainly want Windows to read it, and Windows formats often don't have >>executable bits. These mediums get mounted with EVERY file marked >>executable, at least on every Unix (which pretty much means Linux ;) >>I've tried it with. Seeing as though this part of the spec is most >>foreseeably useful for cdroms, I'll point you to something I did a quick >>Google for: >> >>http://aplawrence.com/Bofcusm/1324.html >> >>So far this is sapping the spec of its usefulness. I did a search in >>the archives, and someone else seemed to mention that directories are >>also valid candidates for autoopen. I agree. >> >>I understand that this is a matter of security; however, I would suggest >>that the execute bit be explicitly ignored. Hopefully this wouldn't >>result in kludgey vfs work-arounds. On that note, I'll again quote the >>spec: >> >>When an Autoopen file has been detected and the user has confirmed that >>the file indicated in the Autoopen file should be opened then the file >>indicated in the Autoopen file MUST be opened in the application >>normally preferred by the user for files of its kind UNLESS the user >>instructed otherwise. >> >>This implies that the user "MUST" be prompted (shouldn't this be >>explicit to avoid mis-interpretations?) and be given the same >>responsibility one requires when opening any media, visiting any >>website, or otherwise using one's computer. This seems simple enough to >>me. Removing the execute bit and prompting the user will give the same >>level of security that would otherwise be given without the execute bit >>in the first place. >> >>Hopefully I haven't wasted your time with something that has been >>addressed. _______________________________________________ >>xdg mailing list >>[email protected] >>http://lists.freedesktop.org/mailman/listinfo/xdg >> >> > > > >------------------------------------------------------------------------ > >_______________________________________________ >xdg mailing list >[email protected] >http://lists.freedesktop.org/mailman/listinfo/xdg > > _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
