OpenSuse 12.3: doing it wrong



  • Too funny (and a bit sad) not to post:



  • What have you done?!
    I don't have a PC with KDE on my hands atm, so I can't look up if it thinks what it is but ... did you by any chance doubleclick an executable that doesn't have the +x permission?



  • Yes, that's exactly what I did (except it was single click I think).

    The very least it should do is detect that special case and show an information message about the missing permission. Unless they think the common user will never have any reason to run raw executable files through the GUI, or that they will never receive one without the permission set.

    And then there's the funny Ubuntu systems (maybe not all, but it's happened to me several times) that mount external FAT32 drives and set all files as executable, prompting you every time if you want to run the .txt files or just display them.



  • @anonymous234 said:

    And then there's the funny Ubuntu systems (maybe not all, but it's happened to me several times) that mount external FAT32 drives and set all files as executable

    That’s not just Ubuntu, but every *nix I’ve seen: if the file system doesn’t support permissions, they will all be set so everyone can access anything just like in the OS that the file system originated on. The WTF in the case you describe is that the system checks executability before file association.


  • Discourse touched me in a no-no place

    @Gurth said:

    The WTF in the case you describe is that the system checks executability before file association.

    The order is probably this: if actually executable (as determined by the access() system call) run it. Otherwise run the MIME-type-determining library on it and use the result to look up what to do.



  • And if you ever saw the MIME-type-determining library, you might just cringe a little.

    It is not known as libmagic for nothing.



  • @anonymous234 said:

    The very least it should do is detect that special case and show an information message about the missing permission. Unless they think the common user will never have any reason to run raw executable files through the GUI, or that they will never receive one without the permission set.

    I'm kind of surprised that nobody's made an app that just pops up a dialog box informing the user of that and bound it to the association for application/x-executable.



  • The good ideas thread is this way: ➡ ↘ ⬆

    The coding categories are this way: 🐾 🐾 🐾



  • ... why would you rip-off the worst bit of OS X 10.2?


  • Discourse touched me in a no-no place

    @Arantor said:

    And if you ever saw the MIME-type-determining library, you might just cringe a little.

    I wouldn't. I've already looked and have become… well, inured to the horror. I just don't want to know any more.



  • Reading the manpage on BSD access() just now makes me wonder how what I said differs from what you did.

    Also:

    CAVEAT Access() is a potential security hole and should never be used.
    But I guess it’d be naive to assume people actually heed warnings like this.


  • @dkf said:

    I wouldn't. I've already looked and have become… well, inured to the horror. I just don't want to know any more.

    Yes, the abyss stares back into you.


  • Discourse touched me in a no-no place

    @Gurth said:

    Also:

    CAVEAT Access() is a potential security hole and should never be used.
    But I guess it’d be naive to assume people actually heed warnings like this.

    The security hole relates to the fact that there is a gap between when the test is performed and when any action is made predicated on that test. Yet it is still the right test; the only alternative would be to just execve() and handle the failure, but that's much harder than it appears to be. A non-normative access() check (with the X_OK flag) is the best option.

    And you still need your code to handle failures. The race condition is real.



  • OK, that makes sense — would have been handy if the man page explained the reason, though, as I doubt it would occur to me if I'd ever have a need to use this.


  • Discourse touched me in a no-no place

    @Gurth said:

    OK, that makes sense — would have been handy if the man page explained the reason, though, as I doubt it would occur to me if I'd ever have a need to use this.

    GUIs and stuff like that are the use case, where you need to know if you can execute something without actually doing so. Some people think you can substitute with stat() (or lstat() or fstat()) but that's not so: access() is allowed to use the ACLs to inform the decision, which the stat() family know nothing about. (Things get even more “fun” with NFS and AFS.)

    The case where it shouldn't be used is guarding an open() call. Handling the failure is far better there (though doing so can trip certain kinds of audit logs, which is usually an indication that most people who do software audit have no fucking clue what they're doing, as usual).



  • Said another way: view access() like you would doing JavaScript validation or checking on a web page. You can put it there as a convenience for the user because of an improved UI -- but it using it as a definitive check for something security-sensitive is a good way to get yourself pwned.



  • Anyone else finds this KDE look totally disgusting? Seriously, KDE could appeal to me, if not for these terrible brown gradients.



  • You can change the theme~
    And KDE5 (not the actual name, but I CBA to find the way it's actually called) seems to have a lot fewer gradients in its default style.



  • @aliceif said:

    You can change the theme~And KDE5 (not the actual name, but I CBA to find the way it's actually called) seems to have a lot fewer gradients in its default style.

    It was a while back, but I remember trying several things and failing to make it better in any way.

    I hope they get with the times, the way it looks now is embarrassing.


  • ♿ (Parody)

    @cartman82 said:

    I hope they get with the times, the way it looks now is embarrassing.

    I always switch to the Plastik theme. It's not flashy and is easy to tell what's what.


Log in to reply