Safer handling of executable files with download manager

NEW
Unassigned

Status

()

15 years ago
2 years ago

People

(Reporter: bugs, Unassigned)

Tracking

(Depends on: 1 bug, {sec-want})

Trunk
sec-want
Points:
---
Dependency tree / graph
Bug Flags:
blocking-aviary1.0PR -
blocking-aviary1.5 -

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:want P2])

Attachments

(1 attachment, 1 obsolete attachment)

1) Fix all edge cases that allow autodownload of bad types. 
2) Replace current dialog (which can be disabled) with:

+-------------------------------------------+
|                                           |
| You are about to run this program:        |
|                                           |
|   @ winword.exe                           |
|                                           |
| Description: Microsoft Word for Windows   |
| Publisher:   Microsoft Corporation        |
|                                           |
| Downloaded from: hostname.com             |
|                                           |
| Executable files such as this can contain |
| viruses or malicious code that may harm   |
| your computer.                            |
|                                           |
| *You should only run programs from sources|
| you trust.*                               |
|                                           |
|                                           |
|           ( Run this Program ) ( Cancel ) |
|                                           |
+-------------------------------------------+

*text* = bolded
@ = icon

Notes:
- user can no longer disable this dialog. I've been running a firefox build for
several months that features this dialog when I (rarely) launch executables and
the extra screen is no huge deal. 
- placing the metadata including the host the file was downloaded from is
probably a good idea. 

Implementation Notes:
- more robust checking for executable types in UCT handling code to shut down
the ability to create automatic handlers for executable files
- add a new XUL dialog to replace the confirmCheck use in download.js
- add a method to nsIWindowsShellService to get full description/publisher
metadata from a file (maybe this should go on a new nsILocalFileWin??? - i.e.
getVersionInformation("Description"), getVersionInformation("InternalName"),
etc. ) - where the parameters map to keys in the VERSION string table of the
file's resources
- add ifdef XP_WIN code to the new XUL dialog that fills that information in.
Status: NEW → ASSIGNED
Flags: blocking-aviary1.0RC1+
Priority: -- → P3
Target Milestone: --- → Firefox1.0beta
"You should run programs only from..."

(text correction from brendan)

Comment 2

15 years ago
"Run this Program" should be replaced by "Save this Program" when the dialog is
triggered by an action like "Save Link As...".

The dialog should have the same protections as the extension installation dialog:
* The default button should be "Cancel".
* The "Run" and "Save" buttons should be disabled for a short time.
Not to start a holy war, but I'd rather we default to nothing, going along with
GNOME HIG (and to a lesser extent, Apple HIG).  Defaulting to cancel makes it
too easy to accidentally dismiss a dialog, which can be annoying.
Sorry Jesse - I forgot to add this is after the application has been saved
already, and the user clicked the "Open" link in the dlmgr. 

Tweaks to the unknown content type dialog for when file.isExecutable() evaluates
to true. 

+--------------------------------------------+
|                                            |
| You have chosen to download                |
|                                            |
|   @ FirefoxSetup-0.9.1.exe                 |
|                                            |
| from:       ftp.mozilla.org                |
|                                            |
| Executable files such as this can contain  |
| viruses or malicious code that may harm    | 
| your computer.                             |
|                                            |
| *You should only run programs from sources |
| you trust*                                 |
|                                            |
|                                            |
|     ( Download this Program ) (( Cancel )) |
|                                            |
+--------------------------------------------+

Also - IE SP2 uses a permission manager to control all file downloads. Is that
worth doing? (Separate bug definitely)

Comment 5

15 years ago
That dialog will also appear if I right-click a link to an executable and select
"Save Link As..." or Alt+click a link to an executable, right?
it could be...

Comment 7

15 years ago
I think it should, since I save lots of videos that way and only check the
extensions 60% of the time before double-clicking on them in Explorer.

Updated

15 years ago
Depends on: 250938

Comment 8

15 years ago
great idea
that would help get attention
Posted patch some doodling (obsolete) — Splinter Review
a rough cut at some of this - far from the final approach. this doesn't quite
work - for some reason when you click on file links they never download. save
link as... downloads work though.
Posted patch more doodlingSplinter Review
not for review, just for storage
Attachment #153571 - Attachment is obsolete: true
Missing the boat. The changes I made here caused downloads to not work. There
are simpler patches in 252189 and 250938 to do some of what's been done here. 
Flags: blocking-aviary1.0RC1+ → blocking-aviary1.0RC1-

Comment 12

15 years ago
this dialog would be quite welcome... one of my nits after switching from MSIE
to firefox is the extra effort i have to put into running executables, the
dialog really needs a "run this program" option for advanced users.

-dean
*** Bug 272222 has been marked as a duplicate of this bug. ***

Updated

14 years ago
Flags: blocking-aviary1.1?
Flags: blocking-aviary1.1? → blocking-aviary1.1-

Updated

14 years ago
Depends on: 301186

Comment 14

14 years ago
See also bug 301186.

Comment 15

13 years ago
Adding a warning when downloading executable files, or marking/segregating downloaded executable files in some way, would help users who:

(1) don't know enough about file extensions to keep themselves safe when downloading porn videos.

(2) don't even think of the possibility that the file they downloaded isn't a video, and so neglect to look at the extension.

(3) download so many porn videos that they sometimes forget to check the file extension for some of them.
Whiteboard: [sg:want P2]
Assignee: bugs → nobody
Status: ASSIGNED → NEW
Priority: P3 → --
QA Contact: ali → download.manager
Target Milestone: Firefox1.0beta → ---
This seems like it would be related to bug 236771.
Great proposal. Was surprised to see that.

Just one thing: From the initial description, it seems you want to get the Description and Publisher from the metadata in the EXE itself. Of course that's flawed. If you show "Microsoft", it should be certified, otherwise show the hostname only.

Comment 18

11 years ago
I've heard that if you download an application using Firefox trunk on Leopard or XP SP2, and then double-click on it in Finder or Explorer, the OS will warn you that you're about to run a downloaded application.  So I guess we don't need to warn on Alt+click executable downloads after all :)

The existence of these OS dialogs could make it safer to include a "Launch" button in our own dialogs, as well.
(Assignee)

Updated

11 years ago
Product: Firefox → Toolkit

Comment 19

10 years ago
> See also bug 301186.

I get "You are not authorized to access bug #301186." An unpatched security vulnerability has been around since 2005?
(In reply to comment #19)
> > See also bug 301186.
> 
> I get "You are not authorized to access bug #301186." An unpatched security
> vulnerability has been around since 2005?

Looks like someone failed to open it up. Dan?

/be

Comment 21

10 years ago
I made it public, and wontfixed it.
OS: Windows XP → All
Hardware: x86 → All
Version: unspecified → Trunk

Updated

8 years ago
Depends on: 662819

Comment 22

8 years ago
How about creating a subfolder called "Downloaded Apps" when we download an executable?
You need to log in before you can comment on or make changes to this bug.