Now to fix archivers
Now to fix archivers
Posted Feb 27, 2009 18:23 UTC (Fri) by hppnq (guest, #14462)In reply to: Now to fix archivers by liljencrantz
Parent article: Desktop malware risk gets raised and patched
I am afraid you do not really understand what I mean. I was asking how many times you expect users to go through what could be easily perceived as a pointless dialog, and what exactly is accomplished by going through this dialog.
Those who believe that we can use the execute bit to indicate a certain level of trust are indeed forced to also take into account previously completely unrelated things, like permissions of archived files. Remember the security problem addressed here is about a kind of file that used to only be meaningful in a desktop environment. By requiring that desktop launchers be actual executables we have not really solved the actual problem at all, but I am all of a sudden stuck with a whole bunch of executables and a security policy that says "You trust all your executables".
There is no dialog on earth that could repair this.
So how would your dialog handle malicious RPM scripts?
Posted Feb 27, 2009 23:43 UTC (Fri)
by liljencrantz (guest, #28458)
[Link]
The simple answer to the question of how many times the question should be asked is simple: As long a no executable file is created, zero. If an executable file is created, the user should be prompted for confirmation once. The exception to this is with .desktop files, for which the prompt is shown when the file is first executed, and not when saved. Preferably, when a user is asked for confirmation and and gives it, the untrusted flag should be stripped; if the file is indeed evil, the damage is already done.
As for evil RPM:s, they are already handled by the package managers of today - packages that are not signed by a known key will not install without an extra override switch.
Now to fix archivers