nautilus runs file when display is clicked
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Nautilus |
Fix Released
|
Medium
|
|||
| nautilus (Ubuntu) |
Fix Released
|
Medium
|
Ubuntu Desktop Bugs | ||
Bug Description
Binary package hint: nautilus
When Display is pressed inside the nautilus dialogue box after a file is double clicked, the file is executed instead of displayed inside gedit or other editor of choice.
On my system, I currently have this file:
recursive_rename
With the contents:
#!/bin/bash
for x in `find . -type f`; do new=`echo $x | tr '[A-Z]' '[a-z]'`; mv $x $new; done
When I right click on the file and say open with text editor all is well and it opens the file with gedit.
When I double click the file it gives me the choice to run in terminal, display, cancel, or run; if I then choose display which normally opens my default text editor, it executes the file!
I learned this because I double clicked the above file, asked it to display it for me and suddenly a bunch of files in the same directory were lower-cased! Imagine if I tried to display some sort of clean up or file deleting script!
The key here is that if the file has #!/bin/bash in it, nautilus will run the file when display is selected.
I have another file in the same directory:
sort_eliminate_
With the contents:
cat all.txt | sort | uniq > sortedUniqueLis
And with this file the correct behaviour is observed; when the file is double clicked and display is selected, it opens up the file in the default text editor and does NOT execute it as it would have if I had the bash declaration at the top.
I sincerely pray to the linux gods that this is not the desired behaviour. If this behaviour cannot be reproduced elsewhere, I will be more than happy to give as much detailed information as possible including hardware, system, and software specs.
Simple information:
hysterix@mybox:~$ sudo lsb_release -rd
Description: Ubuntu 8.10
Release: 8.10
hysterix@mybox:~$ sudo apt-cache policy nautilus
nautilus:
Installed: 1:2.24.1-0ubuntu2
Candidate: 1:2.24.1-0ubuntu2
Version table:
*** 1:2.24.1-0ubuntu2 0
500 http://
100 /var/lib/
1:
500 http://
Expected to happen: When a bash script is double clicked and display was pressed, I expected the file to be displayed!
What happened instead: The file was executed!
I believe this bug is a security vulnerability; files and processes should only execute when you want them to!
| description: | updated |
| tags: | added: display execute nautilus problem run |
| description: | updated |
| description: | updated |
| visibility: | private → public |
| Sebastien Bacher (seb128) wrote | #1 |
| Changed in nautilus (Ubuntu): | |
| assignee: | nobody → Ubuntu Desktop Bugs (desktop-bugs) |
| importance: | Undecided → Low |
| status: | New → Incomplete |
| Changed in nautilus (Ubuntu): | |
| importance: | Low → Medium |
| status: | Incomplete → Confirmed |
| marco.pallotta (marco-pallotta) wrote | #3 |
| Brewster Malevich (brews) wrote | #4 |
| Raj Bhattacharjea (raj-b) wrote | #5 |
| Sense Egbert Hofstede (sense) wrote | #6 |
| Changed in nautilus (Ubuntu): | |
| status: | Confirmed → Triaged |
| Brewster Malevich (brews) wrote | #7 |
| Sense Egbert Hofstede (sense) wrote | #8 |
| Changed in nautilus (Ubuntu): | |
| status: | Triaged → Fix Released |
| Changed in nautilus: | |
| importance: | Unknown → Medium |
| status: | Unknown → Fix Released |
Thank you for taking the time to report this bug and helping to make Ubuntu better. Please answer these questions:
* Is this reproducible?
* If so, what specific steps should we take to recreate this bug?
* Could you try on jaunty?
This will help us to find and resolve the problem.