Security issue with .desktop files revisited

Thiago Macieira thiago at
Tue Apr 11 21:54:14 EEST 2006

Rodney Dawes wrote:
>Better yet, let's not encourage people to turn .desktop files into
>scripts. As has been expressed MANY times in this thread, requiring +x
>and a special tool that doesn't evaluate Exec any differently thatn we
>are currently evaluating Exec, doesn't solve the problem. It is very
>easy to ship a .desktop file to someone that is already +x.

We've got to deal with the situation where sending executable files is NOT 
easy. If it's easy, then users have a bigger problem than .desktop files.

So, assuming that users don't get +x files by default, then this solution 
IS a good solution, for a start. We just go back to the fact 
that .desktop files don't show the full name in the file managers and can 
change icons. So the user might be led to click in the icon, thinking 
it's something else entirely.

>We need to fix the evaluation semantics of Exec, not write a bunch of
>easily-avoidable workarounds.

Do you have anything in mind?

I don't see a way of restricting this without -- at the same time -- 
restrict functionality. Why shouldn't I be able to Exec anything I want?

Example: I used to have a terminal program with a switched LANG (when I 
started using UTF-8):
	LANG=pt_BR konsole

That's a shell construct. Are we going to require a shell parser 
for .desktop launch?

Thiago Macieira  -  thiago (AT) - thiago (AT)
  thiago.macieira (AT)     Trolltech AS
    GPG: 0x6EF45358                   |  Sandakerveien 116,
    E067 918B B660 DBD1 105C          |  NO-0402
    966C 33F5 F005 6EF4 5358          |  Oslo, Norway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : 

More information about the xdg mailing list