Malware on Wine review

Ben Klein shacklein at gmail.com
Wed Feb 25 18:50:38 CST 2009


2009/2/26 King InuYasha <ngompa13 at gmail.com>:
> Now that Nautilus has the desktop file requiring execute bit, I have a
> question for all of you to consider. Do JAR files require the +x bit to load
> them, or are they treated like associated files and run through the
> interpreter? Really, Windows apps on Linux is basically the same situation
> as Java applications run through the bytecode interpreter.

You just answered your own question. Java is interpreted and has to be
passed through a compatible byte-code interpreter. Wine does not
interpret PE files in this fashion, and cannot because it is not and
does not have a CPU emulator. So a JAR file should run if passed as an
argument to the interpreter, just like what happens with the scripting
languages that open the file for reading instead of trying to fork and
execute.

> Also, NTFS DOES have a concept of execute bits, but Windows itself does not
> use them. An implementation of this is the "trusted" app scheme in the
> properties in Windows Vista and above (I don't remember if XPSP2 had it
> also). Although this scheme is mostly broken, it was intended to stop the
> execution of apps just downloaded from the internet from a non-trusted
> source.

NTFS has the concept of metadata. Windows does not use it as an
equivalent for +x bit though. And even if it did, it wouldn't be a big
help for Wine, because Wine doesn't like NTFS :)

2009/2/26 Scott Ritchie <scott at open-vote.org>:
>> It's hardly annoying as it takes all of two seconds (or less). It's part of
>> normal system operation that the user will already have to deal with outside
>> of Wine. And at least they'll know that it's something that is going to be
>> executing, instead of simply opened/read. Trading safety for user convenience
>> like that is a bad habit to pick up.
>
> It takes about 2 seconds once you've learned how to do this, but this is
> hardly an easily discoverable task.

One word for you: EDUCATION. Newbies should be taught how things work.
We shouldn't base all our usability decisions on what they
expect. They expect it to "just work". The only case we're talking
about here where it won't "just work" is when they download an app to
install; in this case they have to +x it explicitly. Just like if it
was a regular ELF executable.

> Regardless, when a user says "open the program" twice in a row - by
> clicking on it and then clicking "run this program" on the associated
> dialog box, I think it best we got out of their way rather than assume
> they actually meant "no, don't run it until I make 4 more clicks on a
> different tab in the preferences dialog."

Wow 4 more clicks? That might give me RSI! Why don't we get out of
their way entirely and automatically run wineboot when they log on to
an X session, so they get Steam and all their trojans running without
warning?

People seem to forget that security comes at the cost of convenience.
In my opinion, requiring +x is not just about security (for downloaded
applications in particular) but about correctness. Wine is not an
interpreter, it's a binary loader. It should act like a binary loader
and respect +x. If possible, it should respect the noexec mount option
too.

> Does Wine do this in all cases (mark installed executables as +x)?

I believe so. As it's been mentioned, Wine goes to great lengths to
make sure EXEs are marked +x, but it doesn't do anything else with it.
I expect that this is mostly to keep binfmt-misc happy.

What this thread needs now is a final decision from AJ. :)
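
The check argued for in the message above (a binary loader that refuses a file without +x, or one on a noexec mount), as an added example; it is not Wine code and not part of the original post. The names `load_verdict`, `loader_policy` and `check_binary` are hypothetical, and the fallback value for `ST_NOEXEC` assumes Linux.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8 /* assumption: Linux value of the noexec mount flag */
#endif

/* Hypothetical verdicts for this example. */
enum load_verdict {
    LOAD_OK, LOAD_STAT_FAILED, LOAD_NOT_REGULAR, LOAD_NO_XBIT, LOAD_NOEXEC_MOUNT
};

/* Pure policy: decide from the file mode and the mount flags alone.
 * Simplification: any execute bit counts; a per-user check would use
 * access(path, X_OK) instead of looking at the mode bits. */
enum load_verdict loader_policy(mode_t mode, unsigned long mount_flags)
{
    if (!S_ISREG(mode))
        return LOAD_NOT_REGULAR;
    if (!(mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return LOAD_NO_XBIT;       /* downloaded file, never marked +x */
    if (mount_flags & ST_NOEXEC)
        return LOAD_NOEXEC_MOUNT;  /* admin forbade execution from this mount */
    return LOAD_OK;
}

/* Gather mode and mount flags for a path, then apply the policy. */
enum load_verdict check_binary(const char *path)
{
    struct stat st;
    struct statvfs vfs;

    if (stat(path, &st) != 0 || statvfs(path, &vfs) != 0)
        return LOAD_STAT_FAILED;
    return loader_policy(st.st_mode, vfs.f_flag);
}

int main(int argc, char **argv)
{
    static const char *names[] = {
        "ok to load", "cannot stat", "not a regular file",
        "execute bit not set", "filesystem mounted noexec"
    };
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], names[check_binary(argv[i])]);
    return 0;
}
```

Run it with one or more file paths as arguments; a freshly downloaded .exe that was never marked +x reports "execute bit not set".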


