Community
Participate
Working Groups
Windows, in its wisdom, will have as a defualt action for e.g. ".bat" files to execute them. To reproduce: 1. commit a virus/worm to a CVS repository(having a .exe or .bat or script file extension). Sure, a "malicious CVS repository" is a bit contrived, but a machine infected by other means may cause someone to accidentally commit a virus. It is perfectly normal to commit .bat & .exe files to a CVS repository and such .exe & .bat files might become infected. It may be a stretch to mistrust files from a CVS server to the degree that one would mistrust files downloaded into a web-browser cache, but the risk is not vanishingly small. 2. check out a project from the CVS repository containing the virus/worm 3. At this point it is easy to accidentally execute the file, e.g: - Search for a term that appears in the virus/worm. Clicking next in the search view will execute the file. - Double click on a .bat file to edit it. If the system editor is
So, the problem is that windows will run a bat file without prompting the user to warn them that it may contain malicious code. In a way, this makes sense since windows doesn't know that the bat file came from another machine. You're suggesting that, because Eclipse knowns the bat file came from CVS (or any repository for that matter), it should warn the user before using a system editor on the file. Moving to UI since they handle editor opening.
(In reply to comment #1) > So, the problem is that windows will run a bat file without prompting the user > to warn them that it may contain malicious code. In a way, this makes sense > since windows doesn't know that the bat file came from another machine. You're > suggesting that, because Eclipse knowns the bat file came from CVS (or any > repository for that matter), it should warn the user before using a system > editor on the file. Moving to UI since they handle editor opening. I guess it is impossible for Eclipse to know which of the System editors that are unsafe and therefore the system editor should never be opened "accidentally". E.g. clicking "Next" in the Search view should not invoke the system editor.
Moving Dougs bugs
As per http://wiki.eclipse.org/Platform_UI/Bug_Triage_Change_2009
Remy is now responsible for watching the [EditorMgmt] component area.
This bug hasn't had any activity in quite some time. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. If you have further information on the current state of the bug, please add it. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.