Bug#605410: Fix for spurious download warnings

Fri, 17 Dec 2010 13:36:15 -0800 

tags 605540 + patch
tags 605410 + patch
kthxbye

This particular issue has started to become very annoying for me.  So I
went through the source and am now providing a patch.  This patch
disables the entire executable file warning system when OS_POSIX is
defined.  This is for several reasons:

* virtually every meaningful datatype that people use is flagged;
* as a consequence, the user just learns to click through the warning;
* some datatypes are not practically exploitable except as the superuser
  (e.g. .deb) and we must assume that the superuser is not an idiot;
* any type of data can be named with any extension on POSIX systems, so
  assuming that only files with certain extensions can contain malware
  is wrong;
* it is *very* annoying to have this prompt all the time with no way
  whatsoever to turn it off;
* it is demeaning to assume that I have failed to consider the
  consequences of my actions in downloading a file; and
* from a correctness point of view, many of these datatypes are not
  strictly "executables" and calling them such is disingenuous.

For my sanity and good health, please apply this patch in your next
upload.  But please note: the patch has not been tested at all.  It may
or may not compile or run.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

diff -ur chromium-browser.old/src/chrome/browser/download/download_exe.cc chromium-browser-9.0.587.0~r66374/src/chrome/browser/download/download_exe.cc
--- chromium-browser.old/src/chrome/browser/download/download_exe.cc	2010-12-17 20:33:02.000000000 +0000
+++ chromium-browser-9.0.587.0~r66374/src/chrome/browser/download/download_exe.cc	2010-12-17 20:57:00.000000000 +0000
@@ -179,10 +179,16 @@
 };
 
 bool IsExecutableFile(const FilePath& path) {
+#if defined(OS_POSIX)
+  return false;
+#endif
   return IsExecutableExtension(path.Extension());
 }
 
 bool IsExecutableExtension(const FilePath::StringType& extension) {
+#if defined(OS_POSIX)
+  return false;
+#endif
   if (extension.empty())
     return false;
   if (!IsStringASCII(extension))
@@ -225,6 +231,9 @@
 };
 
 bool IsExecutableMimeType(const std::string& mime_type) {
+#if defined(OS_POSIX)
+  return false;
+#endif
   for (size_t i = 0; i < arraysize(kExecutableWhiteList); ++i) {
     if (net::MatchesMimeType(kExecutableWhiteList[i], mime_type))
       return true;

Attachment: signature.asc
Description: Digital signature

Reply via email to