"Name" key value in desk. entry spec collides with file names, could misguide users?

Kalle Vahlman kalle.vahlman at gmail.com
Tue Mar 15 21:47:08 EET 2005 

On Tue, 15 Mar 2005 14:31:45 +0100, Diego Calleja <diegocg at teleline.es> wrote:
> That script will not work because the MUA you're using will (or should) not set the
> +x bit in the permissions field, and doublecliking it won't work. That's the failure with
> .desktop files: We CAN'T stop them being executable.

So what do you do with an executable that is not an executable? Admire
its beauty in an hex editor? There is a way to be immune to this type
of attacks, and it is educated users that DO NOT download shady
materials. Making executables to not execute is not a cure, it is a
short term treatment.

(oh, and I fail to see how this would be a MUA-specific issue. Stuff
gets downloaded from all over the place, not just from mailboxes)

> .desktop files bring to us the same problem, they are executables by themselves,
> and as long as you receive a evil .desktop file and you save it to your hard disk, there's
> *NO*WAY* of not allowing it to execute its Exec line when you double click it.

So there is *NO*WAY* to get it to not do what it is supposed to do.
How peculiar.

> With other types of malware (say, a evil perl script being attached) that problem
> is not really there - as long as it doesn't have the +x bit it's fine. And if someone
> in the gnome/kde worlds configures their file managers to execute "perl file" if
> the file's extension is .pl they're falling  in the *same* problem than .exe, .pif,
> .desktop files: The existence of a "executable mime type", and this is much 
> different than using .jpg files to open them with gqview, because you can't store
> "executable instructions" in a jpg file, but you can store them in a .desktop file.

So the problem really is the executable mime type, NOT the .desktop
spec. The spec is only a place to point your finger at.

Perhaps the way to get rid of the problem instead of the spec is to
disallow launching .desktops with Exec-field inside the filemanager.
This would zap the shortcuts on my desktop of course, but it has got
to be worth it, right?

> This doesn't stops user's stupidity. It makes it much harder for them to fall in
> the hole. We've seen what happens in the windows world with such horrid 
> designs, and it will happen the same in linux when we've enought market share.
> Let's going to work to stop this design failure before it's too late. I don't want to
> spend my professional life runing GNUantispyware.

The reason why this stuff is deadly in the windows world is that it
can crap on your system settings, and essentially take over your
machine. In Linux, it goes as far as your account lets it go (which,
hopefully, won't be far). Reboot and log in as another user and
everything is fine. It's annoying, but simple annoyance is not enough
to induce a slew of cleverly crafted malware programs.

So while I am confident that malware will be an issue in the future if
the Linux world gets a foothold in the desktop market, I am
similarilary confident that it will not be as much of a problem since
the security model is just that much better to begin with.

-- 
Kalle Vahlman, zuh at iki.fi

More information about the xdg mailing list