On 7/7/26 8:46 AM, Neal Gompa wrote:
On Tue, Jul 7, 2026 at 8:36 AM Sebastian Wick <[email protected]> wrote:
....

They argue that this can't be an issue on their side because this
behavior was introduced in 2004. The behavior was never a good idea
(see man 1 xdg-mime above). The handler that wine ships also bypasses
the executable bit. If you download an ELF or sh file in your browser
and open it, it will not run. If you download an exe, it will.

Fedora has a responsibility to keep their users secure. We have to
patch the desktop file in wine to remove the MIME handler.


I don't entirely agree with this assessment. Fixing the handler so
that it doesn't execute it if it's not marked executable would largely
mitigate this problem too. But yes, I also agree with the Wine folks
that users expect double-clicking to work, so that behavior needs to
remain in effect.


Users expecting double clicking to work is the main cause of malware problem in Windows, where the originator of the file is who decides what is executable or not by naming the file with an specific extension.

If Wine authors do not want to solve the problem upstream, not only the Fedora provided Wine should be fixed downstream by not registering the handler, I go a little far that that. Disallow a default handler for Wine related mime types to avoid compromising the system for people that install the upstream RPMs, make the users choose the handler every time and add a non GUI option to disable that at their own expense.
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to