Bug 412694 - Windows executable should be warned before opening by Wine
Status: RESOLVED FIXED
Alias: None
Product: frameworks-kio
Classification: Frameworks and Libraries
Component: general
Version: unspecified
Platform: Other Linux
Importance: NOR critical
Target Milestone: ---
Assignee: David Faure
 
Reported: 2019-10-07 10:39 UTC by Guo Yunhe
Modified: 2019-10-16 15:46 UTC

Version Fixed In: 5.64

Description Guo Yunhe 2019-10-07 10:39:47 UTC
SUMMARY
Many Linux users have Wine installed. When opening a *.exe, it will be run by Wine without confirmation. I found some malware pretending to be a *.mp4, but when you click it, it is executed by Wine. If we are showing a warning when opening *.sh or *.py, we should also warn users about any file that is going to be opened by Wine, which is much more dangerous. In reality, most *.exe files are downloaded from random websites or the BitTorrent network. Users should never trust an exe file on Linux.

STEPS TO REPRODUCE
1. Install Wine and download some exe file.
2. Open Dolphin.
3. Click to open an exe file.

OBSERVED RESULT
Dolphin will open and run exe without warning.

EXPECTED RESULT
Dolphin should pop up a warning, just like it does for bash/python scripts.

SOFTWARE/OS VERSIONS
Operating System: openSUSE Tumbleweed 20191004
KDE Plasma Version: 5.16.5
KDE Frameworks Version: 5.62.0
Qt Version: 5.13.1
Kernel Version: 5.3.1-1-default
OS Type: 64-bit
Processors: 8 × Intel® Core™ i7-8550U CPU @ 1.80GHz
Memory: 31.1 GiB

ADDITIONAL INFORMATION
Comment 1 Guo Yunhe 2019-10-16 08:39:22 UTC
Git commit 591cc2a16e3e643165d5d5f4f67e2ee4c032217a by Guo Yunhe.
Committed on 16/10/2019 at 08:39.
Pushed by guoyunhe into branch 'master'.

Treat "application/x-ms-dos-executable" as executable on all platforms

Summary:
Because of Wine, *.exe can be executed on almost all desktop platforms.

The dialog will open when a script/exe/binary is clicked.

For scripts, it shows "Open" and "Execute" buttons. Same as before.

For *.exe on Linux/BSD, it shows only an "Execute" button, but it actually does "Open with Wine".

For native binaries, it shows only an "Execute" button. This is a new difference. I think users should never click and run a binary without warning. There is already a `showUntrustedProgramWarning` popup function. But it only pops up for binaries without the execute bit. If you get a binary from a *.tar.gz or *.7z, it may already have the execute bit and no popup will appear.

Reviewers: #frameworks, ngraham, dfaure

Reviewed By: ngraham, dfaure

Subscribers: GB_2, ppeter, dfaure, ngraham, broulik, kde-frameworks-devel

Tags: #frameworks

Differential Revision: https://phabricator.kde.org/D24463

M  +22   -9    src/widgets/executablefileopendialog.cpp
M  +13   -0    src/widgets/executablefileopendialog_p.h
M  +30   -26   src/widgets/krun.cpp
M  +2    -0    src/widgets/krun_p.h

https://commits.kde.org/kio/591cc2a16e3e643165d5d5f4f67e2ee4c032217a
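
The button rules from the commit message in Comment 1, applied to the disguised `*.mp4` case from the description, as an added sketch that is not KIO's code. The names `Kind`, `Prompt`, `sniff` and `decide` are hypothetical, classifying by leading bytes is a simplified stand-in for MIME detection, and flagging every non-`.exe` name as a mismatch is an assumption.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical names for illustration; this is not KIO's API.
enum class Kind { Other, Script, WindowsExe, NativeBinary };

struct Prompt {
    bool confirm;       // show the dialog before anything runs
    bool offerOpen;     // "Open" button
    bool offerExecute;  // "Execute" button
    bool nameMismatch;  // content is a Windows executable, name is not *.exe
};

// Classify by leading bytes, never by file name (assumed simplification).
Kind sniff(const std::string &head) {
    if (head.compare(0, 4, "\x7f" "ELF") == 0) return Kind::NativeBinary;
    if (head.compare(0, 2, "MZ") == 0) return Kind::WindowsExe;
    if (head.compare(0, 2, "#!") == 0) return Kind::Script;
    return Kind::Other;
}

bool endsWithNoCase(const std::string &s, const std::string &suffix) {
    if (s.size() < suffix.size()) return false;
    return std::equal(suffix.rbegin(), suffix.rend(), s.rbegin(), [](char a, char b) {
        return std::tolower((unsigned char)a) == std::tolower((unsigned char)b);
    });
}

// Scripts: Open + Execute. *.exe content and native binaries: Execute only,
// and always behind the dialog, whether or not the execute bit is set.
Prompt decide(const std::string &fileName, const std::string &head) {
    Prompt p{false, false, false, false};
    switch (sniff(head)) {
    case Kind::Script:       p = {true, true, true, false}; break;
    case Kind::WindowsExe:   p = {true, false, true, !endsWithNoCase(fileName, ".exe")}; break;
    case Kind::NativeBinary: p = {true, false, true, false}; break;
    case Kind::Other:        break;
    }
    return p;
}

int main() {
    // Constructed sample: executable header bytes behind a video file name.
    Prompt p = decide("holiday.mp4", std::string("MZ\0\0", 4));
    std::cout << "confirm=" << p.confirm << " mismatch=" << p.nameMismatch << "\n";
}
```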