Comment 0 for bug 364376

yetanotherhandle (justaname) wrote :

Binary package hint: nautilus

In what I would imagine could be one of the worst possible bugs imaginable to the novice Linux user, an unimaginable thing happens when Display is pressed inside the nautilus dialogue box after a file is double clicked: the file is executed instead of displayed inside gedit or other editor of choice.

On my system, I currently have this file:
recursive_rename

With the contents:
#!/bin/bash

for x in `find . -type f`; do new=`echo $x | tr '[A-Z]' '[a-z]'`; mv $x $new; done

When I right click on the file and say open with text editor all is well and it opens the file with gedit.
When I double click the file it gives me the choice to run in terminal, display, cancel, or run; if I then choose display, which normally opens my default text editor, it executes the file!

I learned this because I double clicked the above file, asked it to display it for me and suddenly a bunch of files in the same directory were lower-cased! Imagine if I tried to display some sort of clean up or file deleting script!

The key here is that if the file has #!/bin/bash in it, nautilus will run the file when display is selected.

I have another file in the same directory:
sort_eliminate_double_entries

With the contents:
cat all.txt | sort | uniq > sortedUniqueList.txt

And with this file the correct behaviour is observed; when the file is double clicked and display is selected, it opens up the file in the default text editor and does NOT execute it as it would have if I had the bash declaration at the top.

I sincerely pray to the linux gods that this is not the desired behaviour. If this behaviour cannot be reproduced elsewhere, I will be more than happy to give as much detailed information as possible including hardware, system, and software specs.

Simple information:

hysterix@mybox:~$ sudo lsb_release -rd
Description: Ubuntu 8.10
Release: 8.10

hysterix@mybox:~$ sudo apt-cache policy nautilus
nautilus:
  Installed: 1:2.24.1-0ubuntu2
  Candidate: 1:2.24.1-0ubuntu2
  Version table:
 *** 1:2.24.1-0ubuntu2 0
        500 http://us.archive.ubuntu.com intrepid-updates/main Packages
        100 /var/lib/dpkg/status
     1:2.24.1-0ubuntu1 0
        500 http://us.archive.ubuntu.com intrepid/main Packages

Expected to happen: When a bash script is double pressed and display was pressed, I expected the file to be displayed!
What happened instead: The file was executed!

I believe this bug is a security vulnerability; files and processes should only execute when you want them to!