Bug 569130 – Downstream bug report: Opening a Java Archive (.JAR) file executes it regardless of the "executable" permission bit

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 569130 - Downstream bug report: Opening a Java Archive (.JAR) file executes it regardless of the "executable" permission bit


Summary:	Downstream bug report: Opening a Java Archive (.JAR) file executes it regardl...


Status:	RESOLVED DUPLICATE of bug 569129

Product:	gnome-desktop
Classification:	Core
Component:	general
Version:	2.25.x
Hardware:	Other All

Importance:	Normal enhancement
Target Milestone:	---
Assigned To:	Desktop Maintainers
QA Contact:	Desktop Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-01-25 22:17 UTC by Richard Seguin
Modified:	2009-01-28 00:17 UTC

See Also:
GNOME target:	---
GNOME version:	Unversioned Enhancement

Description Richard Seguin 2009-01-25 22:17:55 UTC

I am trying to get an opinion on if this is a gnome feature request or if this is an issue that needs to be looked at. 

"Let's have a Java Archive (.JAR) file on the Desktop (default Gnome GUI). The archive has the execute permission bits cleared (chmod 640). When the archive icon is double-clicked, the archive contents should be displayed in the Archive Manager. Under no circumstances code contained in the archive should be executed. Opening files should be safe, regardless of their contents."

"The archive is nevertheless executed (presumably, java -jar <archive name> is called)."

Comment 1 Federico Mena Quintero 2009-01-28 00:17:00 UTC


*** This bug has been marked as a duplicate of 569129 ***