Subject | Re: spreadsheet ergonomics |
From | Snit |
Date | 04/05/2017 03:57 (04/04/2017 18:57) |
Message-ID | <D5099D13.9CCA3%usenet@gallopinginsanity.com> |
Client | |
Newsgroups | comp.os.linux.advocacy |
Follows | owl |
Followups | owl (18m) > Snit |
owlWhich is what I did... downloaded them.
Snit <usenet@gallopinginsanity.com>wrote:Snitowl
On 4/4/17, 3:42 PM, in article av9z00.bhddi@rooftop.invalid, "owl" <owl@rooftop.invalid>wrote:SnitowlSnitWill play with it later... thanks. Looking at it just briefly, though, I see where it is six files (compressed) and for most users would just lead to confusion. I assume I need change permissions on startem, startemx, and ud... and then run startem?owl
The perms should already show as executable.
Ah. In some ways that is good... but also a security risk.
Nope. It does not auto-execute, and the source is there for you to peruse in advance of running it.
That does not eliminate security risks. But we hear time and time again, with reason, how it is good to have it where you need to set permissions to run a "random" program. But it turns out you do not have to do that.
On macOS, for what it is worth, it warns you that this is the first time you are opening the file and has you jump through hoops... even tells you the source (what program you got it from, etc.).
Interesting Linux does not offer such protections. I would have thought it would.
That's for downloaded files.
The file in question is wrapped in a tarball. If the tarball had its execute bit set, that would be zero'd.I did not think Linux had the same type of protection as macOS here... not sure why I was thinking the permissions would be changed. My mistake on that.
Here is the result of a browser download of a file whose execute bit was set:
root@lowtide:/var/www# ls -l wave -rwxr-xr-x 1 root root 6688 Apr 4 21:47 wave root@lowtide:/var/www#
anon@lowtide:~$ ls -l Downloads/wave -rw-r--r-- 1 anon anon 6688 Apr 4 21:47 Downloads/wave anon@lowtide:~$
Whew. And as we have seen it would be unwise to take your advice on a "real" system... the risk of lost data is real simply to rename files.owlUnlike with Numbers. Who knows what that Numbers does behind the scenes. You choose to trust a corporation that refuses to cooperate with law enforcement.Snit
So you have no concern running scripts from any source.
I never said that.
But you did say that Apple is a trusted source, and that there is no danger in opening a Numbers file from someone you don't know, and even challenged everyone here to show you the danger -- which I did with a link to apple.com where they discuss it.I do not believe I ever said there as NO danger. But there is not much, and, as show, even when looking you could not find any sign of danger for the version of Numbers I am using, no less the OS I am using it on!