nautilus runs file when display is clicked
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Nautilus |
Fix Released
|
Medium
|
|||
nautilus (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Desktop Bugs |
Bug Description
Binary package hint: nautilus
When Display is pressed inside the nautilus dialogue box after a file is double clicked, the file is executed instead of displayed inside gedit or other editor of choice.
On my system, I currently have this file:
recursive_rename
With the contents:
#!/bin/bash
for x in `find . -type f`; do new=`echo $x | tr '[A-Z]' '[a-z]'`; mv $x $new; done
When I right click on the file and say open with text editor all is well and it opens the file with gedit.
When I double click the file it gives me the choice to run in terminal, display, cancel, or run; if I then choose display which normally opens my default text editor, it executes the file!
I learned this because I double clicked the above file, asked it to display it for me and suddenly a bunch of files in the same directory were lower-cased! Imagine if I tried to display some sort of clean up or file deleting script!
The key here is that if the file has #!/bin/bash in it, nautilus will run the file when display is selected.
I have another file in the same directory:
sort_eliminate_
With the contents:
cat all.txt | sort | uniq > sortedUniqueLis
And with this file the correct behaviour is observed; when the file is double clicked and display is selected, it opens up the file in the default text editor and does NOT execute it as it would have if I had the bash declaration at the top.
I sincerely pray to the linux gods that this is not the desired behaviour. If this behaviour cannot be reproduced elsewhere, I will be more than happy to give as much detailed information as possible including hardware, system, and software specs.
Simple information:
hysterix@mybox:~$ sudo lsb_release -rd
Description: Ubuntu 8.10
Release: 8.10
hysterix@mybox:~$ sudo apt-cache policy nautilus
nautilus:
Installed: 1:2.24.1-0ubuntu2
Candidate: 1:2.24.1-0ubuntu2
Version table:
*** 1:2.24.1-0ubuntu2 0
500 http://
100 /var/lib/
1:
500 http://
Expected to happen: When a bash script is double clicked and display was pressed, I expected the file to be displayed!
What happened instead: The file was executed!
I believe this bug is a security vulnerability; files and processes should only execute when you want them to!
description: | updated |
tags: | added: display execute nautilus problem run |
description: | updated |
description: | updated |
visibility: | private → public |
Changed in nautilus (Ubuntu): | |
importance: | Low → Medium |
status: | Incomplete → Confirmed |
Changed in nautilus: | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions:
* Is this reproducible?
* If so, what specific steps should we take to recreate this bug?
* Could you try on jaunty?
This will help us to find and resolve the problem.