Re: Nautilus, metadata and extendet attributes

[Fabio Gomes <bugtraq gs2 com br>]

> > Nevertheless, the point is not to educate them.  The point is to write
> > robust software so uneducated users don't get a chance to shoot
> > themselves in the foot.
> It could be possible if you forbade execution of all but approved applications (executables).
> I don't see any other solution.
> 
> Regards,
> 
> Olaf

Indeed. Some steps would be needed:

1. Disable direct execution from the file manager. Means that programs
would be executable only from launchers in the Applications Menu and the
Desktop or from the Run dialog

2. Don't *ever* associate .exe with Wine, Mono, Dosemu or whatever. Also
don't associate .jar with Java. Leave this program type association work
to the kernel with BINFMT_MISC, which obeys the executable bit. Pehaps
only Linux supports this.

3. Don't associate scripts with their interpreters. Warn users if they
try to do this. (ie. hardcoding a list of known script interpreters).

Of course, the distributors of GNOME would need a spec to follow.

This would completely eliminate the possibility of fooling the user into
executing programs, be it by mail or via Nautilus.

Of course, I may be wrong.

-- 
Fabio Gomes de Souza <fabio gs2 com br> (+55 81 9127-0597)

.- GS2 TECNOLOGIA DA INFORMACAO LTDA :: www.gs2.com.br
|- IT Infrastructure :: Security :: Embedded systems :: Linux
`- Olinda, Brazil - +55 81 3492-7777 - negocios gs2 com br