needs to block non-executable files from executing
Bug #506702 reported by Kees Cook
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mime-support (Ubuntu) | Fix Released | High | Kees Cook |
nautilus (Ubuntu) | Fix Released | High | Kees Cook |
openjdk-6 (Ubuntu) | Fix Released | High | Kees Cook |
sun-java6 (Ubuntu) | Fix Released | High | Kees Cook |
wine (Ubuntu) | Fix Released | High | Kees Cook |
wine1.2 (Ubuntu) | Fix Released | High | Kees Cook |
Bug Description
Binary package hint: nautilus
Following the ratification of the "Execute-Permission Bit Required" security policy, several packages need to have their mime handlers updated to reject opening of various file types that are actually executables when they lack the execute bit.
https:/
Changed in nautilus (Ubuntu):
status: Confirmed → In Progress
Changed in sun-java6 (Ubuntu):
status: Confirmed → In Progress
Changed in openjdk-6 (Ubuntu):
status: Confirmed → In Progress
Changed in wine (Ubuntu):
status: Confirmed → In Progress
Changed in mime-support (Ubuntu):
status: New → In Progress
importance: Undecided → High
Changed in mime-support (Ubuntu):
assignee: nobody → Kees Cook (kees)
Changed in nautilus (Ubuntu):
assignee: nobody → Kees Cook (kees)
Changed in openjdk-6 (Ubuntu):
assignee: nobody → Kees Cook (kees)
Changed in sun-java6 (Ubuntu):
assignee: nobody → Kees Cook (kees)
Changed in wine (Ubuntu):
assignee: nobody → Kees Cook (kees)
Changed in wine1.2 (Ubuntu):
importance: Undecided → High
assignee: nobody → Kees Cook (kees)
Changed in sun-java6 (Ubuntu):
status: In Progress → Fix Committed
Changed in nautilus (Ubuntu):
status: In Progress → Fix Released
The major thing to look for is .desktop files that trigger off of MimeTypes, yet actually run the target file. For example /usr/share/applications/openjdk-6-java.desktop:
...
Exec=/usr/lib/jvm/java-6-openjdk/bin/java -jar
...
MimeType=application/x-java-archive;application/java-archive;application/x-jar;
This leads to executing the JAR file, even when it lacks the execute bit.
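
An added example (not part of the bug report or of any Ubuntu package): a Python audit that flags .desktop entries of the kind described in the comment above and applies the execute-bit check to the file being opened. The LAUNCHERS set, the function names and the sample entry are assumptions constructed for illustration.

```python
import os
import shlex
import stat

# Assumption: launcher basenames taken from the packages listed on this bug
# (openjdk-6, sun-java6, wine); extend the set for other interpreters.
LAUNCHERS = {"java", "wine"}

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def runs_target_by_mime(entry):
    """True when a MimeType association hands the opened file to a launcher."""
    mime_types = [m for m in entry.get("MimeType", "").split(";") if m.strip()]
    argv = shlex.split(entry.get("Exec", ""))
    return bool(mime_types and argv) and os.path.basename(argv[0]) in LAUNCHERS

def has_execute_bit(path):
    """True for a regular file with any execute permission bit set."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and bool(mode & 0o111)

def may_open(entry, path):
    """Policy decision: a launcher-backed handler needs the execute bit."""
    return has_execute_bit(path) if runs_target_by_mime(entry) else True

# Constructed sample modelled on the entry quoted in the comment above.
SAMPLE = """[Desktop Entry]
Exec=/usr/lib/jvm/java-6-openjdk/bin/java -jar
MimeType=application/x-java-archive;application/java-archive;application/x-jar;
"""

if __name__ == "__main__":
    print("flagged:", runs_target_by_mime(parse_desktop_entry(SAMPLE)))
```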