[conspire] exo-open(1), default handler, preferred application

Rick Moen rick at linuxmafia.com
Fri Mar 6 19:16:09 PST 2009


Hi, Eric.  I do appreciate the explanation of how to restore user-level
control of Freedesktop.org MIME information cache files, and thus
indirectly giving greater control over what .desktop files are permitted
to do.

I hope you won't take amiss my going back and attempting to hammer on my
larger point:  dodgy software architecture that I personally don't need
and don't trust.  This is not a Linux thing; it goes back to when I was
primarily a MacOS System 6.0.7/7.x and Windows for Workgroups 3.11 user
and was only starting to seriously fiddle with *ix (BSD and MachTen,
then).

Back then, I decided that the prevalent malware threat was absurd, that
the entire thing must be based on a fundamental error.  It wasn't
difficult to find:  It was the assumption that the user isn't
responsible for knowing what got executed and why.  I decided on an
experiment:  I would take steps to ensure that I always knew what I was
running, and ran only code I was sure I wanted to run.  As a corollary,
that meant eschewing programs (and configurations) that took (or showed
a tendency or potential to take) unsafe actions on my behalf.  I got rid
of all the corporate-mandated anti-virus crud.  And everything worked
not only well, but much better than before.

Some user communities still don't want to hear this message, because it
sounds too much like adulthood.

http://blogs.eweek.com/applewatch/content/security/you_can_steal_but_you_cant_hide.html

  [...]
  Mac users have been able to go invisibly into bad neighborhoods. No
  one there even really acknowledged their presence. Now that's changing.
  These two related Trojans aren't the only recent Mac malware distributed
  in bad Nethoods. Another example: Malware posing as video codecs
  distributed through some porn sites. [...]

My posted comment:

  The majority of malware, that doesn't embody an automated crack of a
  known remote exploit, requires acquiring and executing untrustworthy
  code from untrustworthy sources. Ever since hearing of such things in
  the 1980s, I've wondered, "Why did [user foo] decide to run that?" When
  the immediate excuse is that some software (in its day, MS-Outlook's
  3-pane view, and such) ran it without asking the user, I've wondered
  "Why did [user foo] decide to run software that trusts dodgy software on
  his/her behalf?" The point being that the decision to do so is not
  inevitable.

  I've long been disappointed that the IT press almost always neglects to
  mention how a notable piece of malware comes to be executed, which to my
  mind is the actually interesting bit. There seems to be an implicit
  attitude of fatalism; that, just because users will do any damnfool
  thing and often use dangerously defective software, there's no point
  even in attempting to understand the process of where things went wrong.

  In the case of the Mac codecs and trojaned iWork / CS4 bootlegs, you
  seem to be saying the users made the damnfool decision to not only run
  untrustworthy code off the Internet, but do so with root authority (via
  sudo). And, of course, users willing to do dumb things as root are a
  menace to their systems with or without malware.

  I've just looked up the Conficker family: Seems to have been a canned
  attack against the ludicrously badly designed Microsoft RPC interface in
  MS-Windows (that apparently did zero input validation). Exposing really
  awful network daemons to public networks puts me in mind of the old
  technical support joke. ("Doctor, doctor, it hurts when I do this....")

Angling back to Linux, what I'm trying to suggest is that the whole 
desktop-file-utils / "Desktop Entry Specification" setup has the smell
about it of questionable and dangerous design -- as witness the fact
that they created a burgeoning disaster in the .desktop files that you
have been obliged to try to curtail in your _user_ configuration,
post-installation.

And for what?  Just so that you can grub around in Thunar, Nautilus,
Konqueror, or some other graphical file browser, click on a picture of a
file, and have a supposedly appropriate application pop up
automagically?  So you can click on a file attachment in Thunderbird and
have the system think for you "Oh, that's a PDF file; I should pop it
open in evince"?  

Back in the 1980s, I rid myself of that "file association" way of
thinking.  If I received a file in the mail, I saved it to C:\TEMP or
/tmp or wherever (can't remember the Mac Classic analogue), opened the
application of my choosing, and opened the file.  The coming of bash
made that radically easier:  Now, I don't even have to type most of 
"oowrite /tmp/eblug-lecture-2009-02-18.odp &", the tab key furnishing
90% of that for me.

So, part of my point is that the "Desktop Entry Specification" and
associated tools address a problem I don't care about, enabling me to do
something I specifically want to avoid doing.  Your view probably
differs, that being perfectly fine and what makes horse races. 

The other part of my point is that, whenever I've found that a group of
coders have a track record of writing untrustworthy code, I don't work
at finding ways to kludge it to be less dangerous:  I cut it out of my
life.  My impression is:  The demonstrated problems with .desktop file
implementations (again: see lwn.net link previously posted) are in my
opinion sufficient reason to run away.
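An added example, not code from the message above or from desktop-file-utils: a small Python model of the lookup a Desktop Entry-based launcher (exo-open, xdg-open, the file managers named above) performs, so that one can see which Exec= line a click on a file would run before clicking. It assumes a simplified precedence (the user's mimeapps.list [Default Applications] first, then the system-wide list, then the first .desktop whose MimeType= lists the type, minus anything under the user's [Removed Associations]); real launchers also consult per-desktop lists and the generated MIME cache files the message refers to, and their Exec quoting rules differ slightly from shlex. Every .desktop file and mimeapps.list below is constructed for the example, including the deliberately ugly "shinyviewer" entry whose Exec= wraps a shell command line; it is not a real package.

```python
"""Added example (not from the original post or desktop-file-utils):
model the Desktop Entry lookup to see which Exec= line a click would run."""
import shlex

# Constructed sample .desktop files standing in for /usr/share/applications/.
DESKTOP_FILES = {
    "evince.desktop": (
        "[Desktop Entry]\n"
        "Name=Document Viewer\n"
        "Exec=evince %U\n"
        "MimeType=application/pdf;application/postscript;\n"
    ),
    "shinyviewer.desktop": (
        "[Desktop Entry]\n"
        "Name=Shiny Viewer\n"
        # Exec= is an arbitrary command line; this (hypothetical) one hides a shell.
        "Exec=sh -c \"install-extras >/dev/null; shinyviewer %f\"\n"
        "MimeType=application/pdf;\n"
    ),
    "ooimpress.desktop": (
        "[Desktop Entry]\n"
        "Name=Impress\n"
        "Exec=ooimpress %U\n"
        "MimeType=application/vnd.oasis.opendocument.presentation;\n"
    ),
}

# Constructed system-wide and per-user mimeapps.list contents.
SYSTEM_MIMEAPPS = "[Default Applications]\napplication/pdf=shinyviewer.desktop;\n"
USER_MIMEAPPS = (
    "[Default Applications]\n"
    "application/pdf=evince.desktop;\n"
    "[Removed Associations]\n"
    "application/pdf=shinyviewer.desktop;\n"
)
FIELD_CODES = ("%f", "%F", "%u", "%U")


def parse_ini(text):
    """Minimal parser for the INI-like syntax shared by .desktop and mimeapps.list."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections


def split_list(value):
    """Desktop Entry lists are ';'-separated with a trailing ';'."""
    return [v for v in value.split(";") if v]


def resolve_handler(mime, user_list, system_list, desktop_files):
    """Return (desktop_id, Exec value) chosen for mime, or (None, None).

    Simplified precedence (assumption): user defaults, system defaults, then
    the first .desktop advertising the type; removed associations are skipped.
    """
    user, system = parse_ini(user_list), parse_ini(system_list)
    removed = set(split_list(user.get("Removed Associations", {}).get(mime, "")))
    for lst in (user, system):
        for desktop_id in split_list(lst.get("Default Applications", {}).get(mime, "")):
            if desktop_id in desktop_files and desktop_id not in removed:
                return desktop_id, parse_ini(desktop_files[desktop_id])["Desktop Entry"]["Exec"]
    for desktop_id, text in desktop_files.items():
        entry = parse_ini(text).get("Desktop Entry", {})
        if desktop_id not in removed and mime in split_list(entry.get("MimeType", "")):
            return desktop_id, entry.get("Exec")
    return None, None


def expand_exec(exec_line, path):
    """Turn an Exec= value into argv for one file, roughly as a launcher would."""
    argv = []
    for tok in shlex.split(exec_line):
        if tok in ("%i", "%c", "%k"):          # icon/name/location codes: nothing to add
            continue
        if tok in FIELD_CODES:
            argv.append(path)
        else:                                  # codes embedded inside a quoted token
            for code in FIELD_CODES:
                tok = tok.replace(code, path)
            argv.append(tok.replace("%%", "%"))
    return argv


def what_would_run(mime, path, user_list=USER_MIMEAPPS,
                   system_list=SYSTEM_MIMEAPPS, desktop_files=DESKTOP_FILES):
    """The argv a click on `path` (of type `mime`) would launch, or None."""
    _, exec_line = resolve_handler(mime, user_list, system_list, desktop_files)
    return None if exec_line is None else expand_exec(exec_line, path)


if __name__ == "__main__":
    for user in (USER_MIMEAPPS, ""):
        print("user override" if user else "system default:",
              what_would_run("application/pdf", "/tmp/talk.pdf", user_list=user))
```

Run with the user list in place, a PDF click resolves to `evince /tmp/talk.pdf`; with no user override it resolves to the system default, and the argv shows the shell pipeline that the "Shiny Viewer" entry would run, which is exactly the information a file manager does not display before launching.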
