+x bit (Was: RFC: Autostart spec, first draft)

Mike Hearn m.hearn at signal.QinetiQ.com
Thu Jul 7 15:48:23 EEST 2005

> In previous discussion surrounding .desktop files it was considered a useful 
> step to increase security (slightly). So I wanted to add it here right from 
> the start.

Well, a few people did, but I never saw any rationale for that beyond 
"it might stop people clicking on things they downloaded until they take 
an extra step".

But this situation is different: users won't be downloading auto start 
files. They'll be installed by some other program, or be on mountable 
media. Requiring the +x bit here is inconsistent with the current 
.desktop entry spec, and doesn't add any security as the user isn't 
involved anyway.

> That's a good point. Should a user be able to execute shell code located on 
> such a home dir? Is ~/.profile parsed in such a setup?

You can always execute code of whatever form if it's in your home dir, 
for instance by piping the contents of a script to the interpreter or by 
using the ld.so trick.

> They will need to understand the notion of "executable", no? How else would a 
> user be able to start an application from the media without auto-start?

Some filing systems make everything executable, and others make nothing 
executable (eg, CD-ROMs exported over a network). In other cases CDs 
that are copied on Windows machines may lose extra metadata etc. I don't 
think we can assume that even if it starts +x it'll remain that way.

thanks -mike

More information about the xdg mailing list