Security issue with .desktop files revisited

Benedikt Meurer benny at xfce.org
Tue Apr 11 20:07:14 EEST 2006


Rodney Dawes wrote:
> Better yet, let's not encourage people to turn .desktop files into
> scripts. As has been expressed MANY times in this thread, requiring +x
> and a special tool that doesn't evaluate Exec any differently thatn we
> are currently evaluating Exec, doesn't solve the problem. It is very
> easy to ship a .desktop file to someone that is already +x.
> 
> We need to fix the evaluation semantics of Exec, not write a bunch of
> easily-avoidable workarounds.

That's of course the preferable solution... but if people insist upon
making .desktop files executable, it should atleast be done in a cross
platform way.

> -- dobey

Benedikt



More information about the xdg mailing list