Security issue with .desktop files revisited
Rodney Dawes
dobey at novell.com
Tue Apr 11 20:01:15 EEST 2006
Better yet, let's not encourage people to turn .desktop files into
scripts. As has been expressed MANY times in this thread, requiring +x
and a special tool that doesn't evaluate Exec any differently thatn we
are currently evaluating Exec, doesn't solve the problem. It is very
easy to ship a .desktop file to someone that is already +x.
We need to fix the evaluation semantics of Exec, not write a bunch of
easily-avoidable workarounds.
-- dobey
On Tue, 2006-04-11 at 17:06 +0200, Benedikt Meurer wrote:
> Bastian, Waldo wrote:
> > A viable strategy would be to start creating .desktop files with +x set
> > and a #!/usr/bin/xdg-open line now and then to wait a while before
> > environments actually start requiring it.
>
> Please do not encourage people to hardcode /usr/bin/xdg-open. Instead,
> suggest to use #!/usr/bin/env xdg-open.
>
> > Waldo Bastian
>
> Benedikt
More information about the xdg
mailing list