.desktop files, serious security hole, virus-friendliness
Scott James Remnant
scott at netsplit.com
Wed Apr 5 02:20:35 EEST 2006
On Tue, 2006-04-04 at 20:03 +0100, Mark Seaborn wrote:
> One problem with using the executable bit on .desktop files is that
> the executable bit could become set without any special action by the
> user.
>
In particular, if saved to a FAT partition (USB drive) or similar.
A different approach would be a standard for saving of attachments and
files downloaded from the Internet. E-mail clients, Web browsers, etc.
would honour this standard, and declare their support for it as a
feature.
The standard would simply forbid such clients from saving a file which
could be interpreted as a desktop file, or executable, without the
user's express consent.
Scott
--
Have you ever, ever felt like this?
Had strange things happen? Are you going round the twist?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.freedesktop.org/archives/xdg/attachments/20060405/e35caaec/attachment.pgp
More information about the xdg
mailing list