RFC: Autostart spec, first draft

John (J5) Palmieri johnp at redhat.com
Thu Jul 7 19:34:18 EEST 2005

On Thu, 2005-07-07 at 12:33 +0100, Mike Hearn wrote:
> Hi,
> I didn't read the full thread originally, but I'd like to use autostart 
> files for autopackage in future both for auto-starting welcome screen 
> apps on CDs, and also for starting the update checking program in the 
> background when the user first logs in.
> Waldo Bastian wrote:
> > First draft, your feedback is highly appreciated.
> > 
> > A desktop environment MUST NOT automatically start an application if
> > the corresponding .desktop file has NOT been marked as executable.
> There should be some rationale for this in the spec.  Marking .desktop 
> files +x isn't especially difficult for installers, but:
> 1) Why is it necessary?
> 2) What about noexec mounted home dirs?
> 3) For the case of auto-starting on external media eg CD-ROMs and USB
>     Keys, they may be formatted with a filing system that does not
>     understand the concept of the UNIX +x bit. What do people who want
>     auto-start files in this situation do?

In the case of the autostart script +x is important.  Why would you be
running a script from a FAT drive in the first place?

> I flicked through the original thread but didn't find any discussion of
> this requirement. As discussed previously on xdg-list, +x 
> bits/noexec-mounts do not add any real security as they are easily 
> circumvented by anybody who knows what they're doing, and for naive 
> users they just add "security through obscurity" which doesn't help much 
> either.

We do it with evolution where any downloaded file is marked as
non-executable.  The user has to explicitly set the execute bit if it is
an executable.  It is just another layer of security to make sure the
user doesn't just double click and run a trojan.  It would be an extra
layer of security to avoid someone from just dropping any old file they
downloaded into the autostart directory.  Not saying if this is useful
but that would be the use-case. 

> > TBD: This is only practical for starting applications that are on the
> > media itself. Should there be a convenient way to open e.g. a .html
> > or .pdf file using the users preferred application for such file
> > type?
> Yes, that's a very common use case (as is starting up simple 
> welcome-screen apps). Why use shell scripts on mountable media, but 
> .desktop files when installed? Why not just have a [.]autorun.desktop 
> file on the mountable media itself?

Hmm, but configuration would get hard for this.  Is it worth the
confusion to the user?  Plus there are still security concerns such as
media file exploits.

John (J5) Palmieri <johnp at redhat.com>

More information about the xdg mailing list