"Name" key value in desk. entry spec collides with file names, could misguide users?

Lars Hallberg spam at micropp.se
Tue Mar 15 01:44:55 EET 2005

Kalle Vahlman wrote:

>No it won't. Nautilus detects it's an exe and complains of the mismatch.
>So I was actually wrong with that argument (which I'm only glad of :)
This is great!

>Yeah. And that is by no means the .desktops fault, no more than .pifs.
>It's the stupid user that does the work. I would never open anything
>sent from a hotmail acccount, but most people would. How do you
>protect users from downloading an archive, unpacking it and *then*
>running the malware?
The user shuld not run anything, but they might reasnoble save it to the 
desktop or other folder for later examination. I don't know if this is 
true about .desktops ... but if it is ther is a problem.

* They can set an ikon

* They can name themself nude.jpg

* They start arbitrary code when clicked.

Now... That *is* bad. Simplest sulution would be *not* to alowe dots in 
the name!

Then it up to the filebrowsers implementation making it obvius it is an 
executable for extra security.

>--- begin "my nude full frontal.png"
>exec malware
>--- end
>do it already?
Will not show up with a thumb of a nude girl in the filebrowser, will it?

And if in a terminal You type:

$ gqview my\ nude\ full\ frontal.png

It is realy no harm.


More information about the xdg mailing list