.desktop files, serious security hole, virus-friendliness
thiago at kde.org
Mon Apr 3 20:27:52 EEST 2006
Rodney Dawes wrote:
>On Mon, 2006-04-03 at 19:03 +0200, Thiago Macieira wrote:
>> Benedikt Meurer wrote:
>> >I'd propose to optionally include a digital signature for the Exec
>> > field (i.e. add an ExecSignature field to the spec) and let the file
>> > manager ask the user whether he/she trusts the signee or popup a
>> > warning if no signature is present. Distributions should then ship
>> > with a good default set of trusted certificates (i.e. for Gnome,
>> > KDE, Xfce, etc.), so users shouldn't see the warning unless they're
>> > trying to execute a virus.desktop or a .desktop file whose signee is
>> > not yet in the trustdb.
>> [I'm not trying to shoot your idea down; I'm just raising some
>> discussion points]
>> How would this work for user-created files? Should the desktop
>> automatically sign the files? Should we require each and every user to
>> have a GPG key?
>Should it be GPG? What about S/MIME? Do we really need a signature and
>yet another dialog to pop up and annoy the user? Shouldn't we only pop
>up things like this when we /know/ there is an issue?
Right, it doesn't have to be a GPG signature.
It could be a simple cookie secret that is stored somewhere in the user
directory and created when first needed -- and then reused.
How would this apply to read-only files? How about files stored in
read-only dirs? (I'm thinking of /usr/share here).
Should ISVs have to "sign" their files too?
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | E067 918B B660 DBD1 105C 966C 33F5 F005 6EF4 5358
Sandakerveien 116, NO-0402 Oslo, Norway
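The "cookie secret" variant Thiago sketches above, worked through as an added example that is not part of the original message or of any desktop project's code: a per-user secret is created on first use and reused afterwards, an HMAC over the Exec value keyed with that secret is written into the ExecSignature field Benedikt proposed, and the file manager sorts a file into trusted, unsigned or tampered before it decides whether to prompt. The secret's location, the use of HMAC-SHA256, the helper names and the sample .desktop contents are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets
import tempfile
from pathlib import Path

# Field name proposed in the thread; everything else here is an assumption.
SIGNATURE_KEY = "ExecSignature"

# Constructed sample file; the Exec line is the one the signature protects.
SAMPLE = """[Desktop Entry]
Type=Application
Name=Example
Exec=/usr/bin/example %U
"""


def load_or_create_secret(secret_path):
    """Return the per-user secret, creating it once (mode 0600) and reusing it after that."""
    secret_path = Path(secret_path)
    if secret_path.exists():
        return secret_path.read_bytes()
    secret_path.parent.mkdir(parents=True, exist_ok=True)
    token = secrets.token_bytes(32)
    # O_EXCL so two racing first runs cannot both write a different secret.
    fd = os.open(secret_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(token)
    return token


def parse_desktop(text):
    """Minimal parser: key=value pairs of the [Desktop Entry] group only."""
    entries = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries


def sign_exec(exec_value, secret):
    """HMAC-SHA256 over the Exec value, hex encoded (assumed construction)."""
    return hmac.new(secret, exec_value.encode("utf-8"), hashlib.sha256).hexdigest()


def add_signature(text, secret):
    """Append an ExecSignature line covering the current Exec field."""
    entries = parse_desktop(text)
    sig = sign_exec(entries["Exec"], secret)
    return text.rstrip("\n") + f"\n{SIGNATURE_KEY}={sig}\n"


def check_desktop(text, secret):
    """Verdict the file manager would act on: 'trusted', 'unsigned' or 'tampered'."""
    entries = parse_desktop(text)
    sig = entries.get(SIGNATURE_KEY)
    if sig is None:
        return "unsigned"
    expected = sign_exec(entries.get("Exec", ""), secret)
    # Constant-time comparison so the check itself leaks nothing about the MAC.
    return "trusted" if hmac.compare_digest(expected, sig) else "tampered"


def demo():
    """Run the three cases against a secret created in a temporary user directory."""
    with tempfile.TemporaryDirectory() as home:
        secret_path = Path(home) / ".config" / "desktop-exec-secret"
        secret = load_or_create_secret(secret_path)
        reused = load_or_create_secret(secret_path) == secret
        signed = add_signature(SAMPLE, secret)
        # Someone rewrites Exec after the file was signed: the MAC no longer matches.
        tampered = signed.replace("Exec=/usr/bin/example %U", "Exec=/tmp/not-the-original")
        return (
            check_desktop(signed, secret),
            check_desktop(tampered, secret),
            check_desktop(SAMPLE, secret),
            reused,
        )


if __name__ == "__main__":
    print(demo())
```

Because the key is per user, the scheme only vouches for files this user's desktop signed: a file dropped into the home directory by a download, or one signed on another account, verifies as tampered or unsigned, which is the point. It does not answer the read-only /usr/share or ISV questions raised above; a deployment would still need a separate rule for files the user cannot have signed.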