Firefox proposes to open .exe files with Wine

Created an attachment (id=4832)
Screenshot of the download dialog

This problem is serious, if it can be reproduced.

It can.

Edited IRC log from today:

16:54 < Diziet> There has to be a whitelist.
16:55 < Keybuk> the mime type handling list is the whitelist
16:55 < Keybuk> we just shouldn't put dangerous things in that
16:55 < Diziet> But it's full of stuff like `run wine on this .exe'.
16:55 < Keybuk> now that's a valid bug ;)
16:55 < Diziet> But if you have the .exe installed on your machine and
double-click on it it _ought_ to run it with Wine !
16:55 < slomo> wine on every *.exe is wrong anyway
16:56 < Kamion> .exe files should just be made executable and use binfmt-support
16:56 < Kamion> then if you drop the MIME handling for them, non-executable .exe
files are safe
16:56 < Kamion> and executable ones work as expected
16:57 < Diziet> kamion: That would be a reasonable approach.
16:57 < Keybuk> Kamion: that's how you have to do it for the mono ones already
16:57 < Kamion> Keybuk: indeed so
16:57 < Diziet> So 18701 is a bug in the wine package ?
16:57 < Kamion> Diziet: in whatever does the MIME handling, I'd've thought
16:57 < Diziet> Err, wine presumabely specifies its own mailcap entries or what
have you.,
16:58 < Kamion> I don't know the layout
16:58 < Kamion> but if so, I'd think so, yes

Ian, what are we doing about this for 6.06? I'm fine with removing the entry from the MIME database if that's the simplest and safest approach.

Matt Zimmerman writes ("[Bug 24829] Re: Firefox proposes to open .exe files with Wine"):
> Ian, what are we doing about this for 6.06? I'm fine with removing the
> entry from the MIME database if that's the simplest and safest approach.

I've put this on my list and will remove the entry from the MIME
database unless someone else gets there first :-).

Ian.

I don't really think this is much of a security risk. Most windows viruses won't work with wine anyway, and a windows virus isn't nearly as dangerous run on a linux system because of the file permissions system. The absolute worst this could do is trash your home folder, and only then if it was a virus that acted on what's in the folder its run in -- most viruses try to set themselves up as services (which wine won't do) or overwrite windows system files (which won't exist).

On 12 May 2006 at 17h05, Joseph Garvin wrote:

Hi,

> The absolute worst this could do is trash your home folder,

What do you think is important on a desktop system? Your distro which
you reinstall in about 20 minutes, or your home folder with gigabytes
of data in it?

> and only then if it was a virus that acted on what's in the folder
> its run in -- most viruses try to set themselves up as services
> (which wine won't do) or overwrite windows system files (which won't
> exist).

This is still completely idiotic behaviour.

--
Colin

 wine (0.9.9-0ubuntu2) dapper; urgency=low
 .
   * Remove insecure mailcap entries; MS Windows '.exe' files should be run
     using 'binfmt-misc' support instead. (Closes: Ubuntu #24829)
   * Fix build-deps on 'libicu-dev'

oops, I acidently clicked a button, and added firefox (ubuntu) to packages affected by this bug. I've rejected it again.