[Bug 12844] New: nautilus's clever anti-hax0r detection is really dumb

bugzilla-daemon at bugzilla.ubuntu.com bugzilla-daemon at bugzilla.ubuntu.com
Thu Jul 21 06:58:55 UTC 2005 

Please do not reply to this email.  You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=12844
Ubuntu | nautilus

           Summary: nautilus's clever anti-hax0r detection is really dumb
           Product: Ubuntu
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: nautilus
        AssignedTo: seb128 at ubuntu.com
        ReportedBy: desrt at desrt.ca
         QAContact: desktop-bugs at lists.ubuntu.com


Cannot open attachment.cgi.html

The filename "attachment.cgi.html" indicates that this file is of type "HTML
page". The contents of the file indicate that the file is of type "differences
between files". If you open this file, the file might present a security risk to
your system.

Do not open the file unless you created the file yourself, or received the file
from a trusted source. To open the file, rename the file to the correct
extension for "differences between files", then open the file normally.
Alternatively, use the Open With menu to choose a specific application for the
file. 




Can this error dialog please die now (or at least be special-cased to only apply
to situations where your computer is *actually* in danger)?  It'd be great it
Nautilus just did the reasonable thing and opened the file in either ephy or
gedit.  I can't really think of a case where opening a file like this could be a
security problem (except in the case where the file is explicitly marked
executable, and this could be handled as the special case).  Certainly, in any
case where Nautilus is about to execute a script (rather than open it in an
editor) I'd like to be asked about it anyway.

For the record, Nautilus has the following preference:

Executable Text Files:
  ( ) Run executable text files when they are clicked.
  ( ) View executable text files when they are clicked.
  (o) Ask each time.    <-- default.

Even if I set this to "Run executable text files when they are clicked" and
double click on a shellscript that has the extension ".sh" it opens in gedit
because it lacks mode +x.

-- 
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the desktop-bugs mailing list