It doesn't really matter how much you write to the contrary, or how personal you get, the fact of the matter remains that opening a file downloaded from the Internet results in arbitrary code execution.
Your opinion is that this is OK. My opinion is that this is not OK. (1) The users don't expect this Regardless of whether the users will agree with your explanation of why this works the way it does, they will open files downloaded from the Internet thinking that nothing can happen. Ubuntu has been reinforcing this attitude, for example by Firefox warning against opening *executable* files with a scary warning, while opening non-executable data types seamlessly. (2) It lowers the barrier for malicious code execution too low If Ubuntu ever gets a sizable market share, this will get targeted by malicious code writers, and it will get fixed. No harm in keeping this bug open for at least that long, is there? (3) Fix is easy to implement, albeit with some level of hackery There is always some level of hackery involved when trying to fit a model to the real world. (4) We have had this debate before We have all laughed at people opening e-mail attachments in Outlook or simply opening documents in Word and getting viruses and what not. This is not different. For all these reasons, the bug should be fixed. On Fri, Jun 18, 2010 at 20:40, Robert O'Connor <robby.ocon...@gmail.com> wrote: > I hate to say it but Kiri is right in this case. This sounds more like > somebody who doesn't understand what a jar file actually is. There is no > attitude, just simply a case of somebody who doesn't get what a jar file is > and how it gets executed. I don't get why this bug is even still open... > > Just my $0.02. > > -Rob > > > On Fri, Jun 18, 2010 at 3:22 PM, Jan Minář <rdan...@rdancer.org> wrote: > >> @Kiri Your attitude is not helping. >> >> On Fri, Jun 18, 2010 at 20:13, Kiri <jyqvkl...@googlemail.com> wrote: >> > I regard this as not a bug. There may be an issue, but the issue is not >> > a bug. >> > >> > -- >> > Opening a Java Archive (.JAR) file executes it regardless of the >> "executable" permission bit >> > https://bugs.launchpad.net/bugs/313439 >> > You received this bug notification because you are a direct subscriber >> > of the bug. >> > >> >> -- >> Opening a Java Archive (.JAR) file executes it regardless of the >> "executable" permission bit >> https://bugs.launchpad.net/bugs/313439 >> You received this bug notification because you are a direct subscriber >> of the bug. >> > > -- > Opening a Java Archive (.JAR) file executes it regardless of the "executable" > permission bit > https://bugs.launchpad.net/bugs/313439 > You received this bug notification because you are a direct subscriber > of the bug. > -- Opening a Java Archive (.JAR) file executes it regardless of the "executable" permission bit https://bugs.launchpad.net/bugs/313439 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
