Default action of executing scripts is dangerous and counter-intuitive

Bug #1763360 reported by Ari on 2018-04-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Synapse
Undecided
Unassigned

Bug Description

## Short description

From rev. 616 and forward Synapse executes all executable files by default, regardless of where they are located on the file system and whether or not they are linked to the $PATH. This is an incredibly counterintuitive and dangerous change that can potentially lead to data loss or worse.

I propose that this change either be reverted or the default handling of executable scripts be made configurable.

## Long description

The history of the handling of executable scripts traces back to 2011 when a change to the default behaviour of opening them in the default text editor was initially proposed by a user (https://bugs.launchpad.net/synapse-project/+bug/695437). There was a lot of controversial discussion about this request, with most users, the original creator of Synapse included, pointing out the dangers of executing shell scripts arbitrarily. I alongside many others vehemently opposed to this proposition, but nonetheless after 5 years it was eventually made the default in 2016.

Yesterday was the first time in a couple of years that I tried out Synapse, and the very first thing that happened to me is that I unknowingly executed a number of build scripts outside their project directories from my launcher. Thanks to the power of `set -ue` this did not have any dire consequences, but if my scripts had been coded just a bit more sloppily and didn't include any error handling (like a lot of shell scripts do) this could have resulted in my files being deleted or worse.

From a data security and usability standpoint, putting arbitrary executable files on the file system at the fingertips of the user _outside of their directory context_ is simply untenable. There is a reason why we have the $PATH and .desktop launcher system. Coming from any other file/app launcher it should be a reasonable expectation that Synapse will not just launch any file I point it to that just happens to have the executable bit set. Mistyping is common, and with Synapse's fuzzy file name matching one wrong keypress could be the difference between looking at a family photo, and having that same family photo be erased forever by a script running amok outside of its original context.

## Proposal

I propose that Synapse revert to the old way of handling executable files, with the new behaviour either dropped entirely or made optional.

An optional implementation could either be done through a config setting, or by adding executing executable files as a secondary action available after pressing Tab. This would enable users to still execute their files from Synapse without any of the dangers of the current implementation.

Ari (ari-lp) on 2018-04-12
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers