sun-java6's binfmt impacts Office 2007 and Zip files

Bug #552612 reported by Francois Gouget
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
sun-java6 (Ubuntu)
Won't Fix
Undecided
Unassigned

Bug Description

The problem is that the binfmt created by sun-java6-bin also matches regular Zip files and Office 2007 files. This means that if you get these files from a FAT filesystem (typically a USB stick), then they become 'almost' executable. Here's how to reproduce the problem:

   $ echo foo >foo.txt
   $ zip foo.zip foo.txt
   $ chmod +x foo.zip

Now on a system without sun-java6-bin installed if you try to run or exec that file you would get:

   $ ./foo.zip; echo $?
   bash: ./foo.zip: cannot execute binary file
   126
   $ exec ./foo.zip
   bash: /tmp/foo.zip: cannot execute binary file
   bash: /tmp/foo.zip: Success

But on a system where sun-java6-bin has been installed you get:

   $ ./foo.zip; echo $?
   invalid file (bad magic number): Exec format error
   1
   $ exec ./foo.zip
   <xterm is gone because exec succeeded>

The reason is that Jar files look like Zip files so the content matching pattern used by /proc/sys/fs/binfmt_misc/jar matches both. The issue is the same with the new Office 2007 files such as docx and pptx files.

Options:
1) Make the binfmt magic distinguish between Jar files and Zip files.
    This may not be possible.

2) Match based on the extension instead as documented in the kernel Documentation/java.txt file.
    This means only files with the .jar extension will be runnable which may be too limiting if the goal is to make it possible to have /usr/bin binaries actually be Java applications. However, are these really Jar files or would they be Class files? Or would wrapping them with a Class file be ok?

3) Remove the Jar binfmt altogether.
    Do the advantages of wrapper-less execution of no-extension Jar files justify changing the exec() behavior of zip and Office 2007 files? Are such files actually common?

There is also an underlying philosophical question: what should a file manager do when the user double-clicks on an executable file?
 1) fork()+exec() it and if exec() fails, then look for an association as a fallback
 2) or look for an association first and only try fork()+exec() as a fallback (or even have no fallback at all)

Nautilus seems to implement option 2 so it's not impacted by this issue.

Revision history for this message
Graham Perrin (grahamperrin-gmail) wrote :

Might there be a relationship between this bug 552612
and what's described under https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/593459 ?

Revision history for this message
Francois Gouget (fgouget) wrote :

I'm not sure; the symptoms are pretty different.
The best way to make sure would be to check whether the /proc/sys/fs/binfmt_misc/jar file (or equivalent) is present on the systems where Thunderbird cannot open the attachments and missing on the others, and whether adding it breaks things. This should be pursued on the other bug though.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sun-java6 (Ubuntu):
status: New → Confirmed
Revision history for this message
David Burke (bufke) wrote :

This is still a problem in 12.04. It can lead to users installing Office via Crossover or Wine and not being able open docx files when double clicking.

Crossover suggests just removing binfmt

http://www.codeweavers.com/support/wiki/linux/faq/cxofficejavaassociation

I reproduced it using Oracle java 7 installed by http://www.duinsoft.nl/packages.php?t=en as suggested in the Ubuntu wiki.

Revision history for this message
Sylvestre Ledru (sylvestre) wrote :

sun java6 license changed. we cannot reproduce it.
Closing this bug.

Changed in sun-java6 (Ubuntu):
status: Confirmed → Won't Fix
Revision history for this message
MestreLion (mestrelion) wrote :

@sylvestre (#5): but the same issue exists in openjdk 6 and 7.

I've posted bug 1172961 about it, with a similar (but more extended) description.

Care to pitch in?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.