#144335 is about nautilus executing too many things.
In contrast, #565233 is about cautious-launcher (a) not displaying its messages in some environments, and (b) being more restrictive than the relevant policy requires.
While the supplied patch by VestniK solves the "not displaying its messages" piece of this issue, nothing has yet addressed the "is more restrictive that required" part, as far as I can see.
Applications, including desktops and shells, must not run executable code from files when they are both:
lacking the executable bit
located in a user's home directory or temporary directory.
cautious launcher checks whether the file is under /usr/ or /opt/ instead of checking whether it is in the users home dir or in a temporary file area. Is there a good reason for this?
In particular, allowing files mounted under /media/ would handle the "file is on a CDROM" case much of the time.
Better still would be a check for whether the file is under the users home dir ($HOME) or in a temporary directory (under /tmp or /var/tmp ).
I can code that and provide a debdiff -- would such a change be accepted and useful?
The duplicate status of this bug seems incorrect.
#144335 is about nautilus executing too many things.
In contrast, #565233 is about cautious-launcher (a) not displaying its messages in some environments, and (b) being more restrictive than the relevant policy requires.
While the supplied patch by VestniK solves the "not displaying its messages" piece of this issue, nothing has yet addressed the "is more restrictive that required" part, as far as I can see.
The specification at https:/ /wiki.ubuntu. com/SecurityTea m/Policies# Execute- Permission% 20Bit%20Require d is:
Applications, including desktops and shells, must not run executable code from files when they are both:
lacking the executable bit
located in a user's home directory or temporary directory.
cautious launcher checks whether the file is under /usr/ or /opt/ instead of checking whether it is in the users home dir or in a temporary file area. Is there a good reason for this?
In particular, allowing files mounted under /media/ would handle the "file is on a CDROM" case much of the time.
Better still would be a check for whether the file is under the users home dir ($HOME) or in a temporary directory (under /tmp or /var/tmp ).
I can code that and provide a debdiff -- would such a change be accepted and useful?