"Name" key value in desk. entry spec collides with file names, could misguide users?
Lars Hallberg
spam at micropp.se
Tue Mar 15 01:44:55 EET 2005
Kalle Vahlman wrote:
>No it won't. Nautilus detects it's an exe and complains of the mismatch.
>
>So I was actually wrong with that argument (which I'm only glad of :)
>
>
This is great!
>Yeah. And that is by no means the .desktops fault, no more than .pifs.
>It's the stupid user that does the work. I would never open anything
>sent from a hotmail acccount, but most people would. How do you
>protect users from downloading an archive, unpacking it and *then*
>running the malware?
>
>
The user shuld not run anything, but they might reasnoble save it to the
desktop or other folder for later examination. I don't know if this is
true about .desktops ... but if it is ther is a problem.
* They can set an ikon
* They can name themself nude.jpg
* They start arbitrary code when clicked.
Now... That *is* bad. Simplest sulution would be *not* to alowe dots in
the name!
Then it up to the filebrowsers implementation making it obvius it is an
executable for extra security.
>--- begin "my nude full frontal.png"
>#!/bin/sh
>
>exec malware
>--- end
>
>do it already?
>
>
Will not show up with a thumb of a nude girl in the filebrowser, will it?
And if in a terminal You type:
$ gqview my\ nude\ full\ frontal.png
It is realy no harm.
/LaH
More information about the xdg
mailing list