Open Bug 477532 Opened 16 years ago Updated 2 years ago

Linux needs the Windows "dangerous extensions" list -- WINE auto-opens trojan .exe's

Categories

(Toolkit :: Downloads API, defect)

Product:
Toolkit
Component:
Downloads API
Platform:
x86
Linux
Type:
defect

Tracking

()

People

(Reporter: josephsmidt, Unassigned)

References

(
URL
)

Details

(Keywords: sec-want, Whiteboard: [sg:want]) 

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008121622 Ubuntu/8.10 (intrepid) Firefox/3.0.5

When you use Firefox in Linux, will try to open .exe files using wine.  It would be nice if it made sure a virus was not being opened.  This bug report is derived from a bug reported in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/309214.  



Reproducible: Always

Steps to Reproduce:
1. Find a virus with a .exe extension
2. Try to open it. (With wine)
3. 
Actual Results:  
Firefox lets wine install the virus

Expected Results:  
Firefox does a good job keeping its users safe from bed things on the internet.  It would be nice if it prevented wine from opening a virus.
I guess that's not the job of Firefox. Wine should let check if it's a virus..

You can also choose with which application the exe will be opened.
Firefox can not protect a user from himself.
How should know if you are downloading a virus or not ?

That is not our problem is the user decides to run random .exe files with Wine.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
I think what the reporter asks for is to make a similar behaviour for .exe files on linux like we currently have on windows for .exe files, e.g. only allow to download.

Was that understood? Personally, I think is somewhat a valid request; though not really a severe one for now.

reopening.
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
Status: UNCONFIRMED → NEW
Ever confirmed: true
Component: General → Download Manager
Product: Firefox → Toolkit
QA Contact: general → download.manager
for now moving to downloadmanager where we could handle this.
Summary: Firefox should prevent wine from opening viruses in Linux → Firefox should prevent wine from opening .exe on Linux
I would argue this is a GNOME bug - we should have a generic warning interception dialog for when you try to execute unsandboxed code downloaded from the Internet.  IIRC there was some sort of attempt at this somewhere (nautilus?).  Needs investigation.
Colin, how is this a gnome bug? All the app handling and mime code is kind of redone on mozilla side atm. At some point we might have the system application chooser for gnome integrated in firefox; at that point it would probably become a gnome bug, but not for now.

Technically, there shouldnt be much wizardry required here, except to hard code that .exe files are always unsafe - even on linux. See: https://bugs.edge.launchpad.net/ubuntu/+source/firefox-3.0/+bug/309214/comments/11
What I'm saying is that if GNOME provided some facility for applications to check whether a file was downloaded from the internet, and pop up a warning dialog, it could be reused not only in Firefox but also in say Empathy/Pidgin file transfers.

I know Firefox does application handling manually now, but there's not a reason that can't be changed.
Flags: wanted1.9.1?
Flags: wanted1.9.0.x+
Summary: Firefox should prevent wine from opening .exe on Linux → Linux needs the Windows "dangerous extensions" list -- WINE auto-opens trojan .exe's
Whiteboard: [sg:want]
Flags: wanted1.9.1?
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.