executable .desktop files
egon at krul.ath.cx
Fri Aug 22 01:46:16 PDT 2008
Thiago Macieira wrote:
> Egon Kocjan wrote:
>> Thiago Macieira wrote:
>>> Users should have to turn something into executable before it's
>>> allowed to continue.
>>> Self-packed .desktop files are a security risk (raised more than two
>>> years ago) and should be fixed. Especially since .desktop can change
>>> its own icon and masquerade as an innocuous JPEG file, for instance.
>> What is the right way to ship instant software to non-technical users
>> then? All I can think of are similarly exploitable ways (putting +x
>> binaries into zips - the user didn't make them executable himself).
> Right, but users extracted the contents explicitly. And unzip applications
> can also warn that executables are being created, if necessary. The point
> is that there are two actions to be taken in order to execute something,
> thereby making an accidental click much harder to happen.
> So, the solution for instant software is the same: find a two-step action
> (no one-click solutions) and that would be fine.
I hope that such two-step procedure will be soon described in a standard
and supported by implementations, at least before the distros decide to
break Exec=... desktop files ;)
For example, Mac web browsers recognize application.app directory
structure, even if it's packed in a .dmg or .zip. When the user clicks
the application link on the web site, the web browser will react
accordingly and inform the user, that he's trying to download an
application. Safari will also automatically mount/unpack the application
after the warning dialog (I'm not 100% sure about firefox).
The question is, do oss desktops wish to support instant applications at
all? Is Mac OS X behaviour acceptable? Was there any consensus reached
at some point?
> This also includes
> making sure there's an interpreter already installed in the system: then
> you can make use of a .desktop or a MIME type to load with a single click
> (the first step was installing the interpreter).
Yes, if we're talking about document oriented applications. Klik on the
other hand adds a new type of executables (.cmg) to the system. It seems
to me, that they were forced into "subverting" the system to provide
More information about the xdg