Summary: | Misleading warning message may cause user to execute Programs or Scripts from archive | ||
---|---|---|---|
Product: | [Applications] ark | Reporter: | patrick |
Component: | general | Assignee: | Helio Castro <helio> |
Status: | RESOLVED WORKSFORME | ||
Severity: | normal | ||
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Debian testing | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Attachments: | Tar Archive to demonstrate the trick. |
Description
patrick
2004-02-13 17:40:34 UTC
Created attachment 4679 [details]
Tar Archive to demonstrate the trick.
The attached tar.gz file illustrates the trick. The tar.gz contains an
executable File named README. Opening the archive with ark and then
doubleclicking the README file inside the archive will popup the ambiguos
warning. If one then chooses "Yes" from the dialog the script is executed even
though the dialog suggests it could be viewed. (It writes something to stdout
and pops up a kdialog error Box saying "Gotcha!")
The message cannot be changed in the 3.2 branch, as messages are frozen for translation. I'll change HEAD. Please note that this is way better than what we did in 3.1 (simply execute the file, without asking anything). |