"Name" key value in desk. entry spec collides with file names, could misguide users?

Dave Cridland dave at cridland.net
Wed Mar 16 00:33:35 EET 2005


On Tue Mar 15 19:47:08 2005, Kalle Vahlman wrote:
> its beauty in a hex editor? There is a way to be immune to this type
> of attack, and it is educated users that DO NOT download shady
> materials.

Yes, absolutely. That's the kind of responsible attitude we need around here - after all, this kind of thinking is already well proven in the Windows world, where users have never clicked on things they shouldn't.

Well, okay, there's a certain class of users who do persist in reading the wrong attachments, but this is a problem restricted to Windows, and not to Unix, because we have a better class of user. It's true! The moment you put a Linux CD in the drive, your IQ and computing knowledge increase by a vast order of magnitude, allowing us to pass the buck straight to the user, without any dereliction of duty having taken place.

Okay, seriously, I like Waldo's notion of +x required on .desktop files. My questions, and suggested answers:

What happens if they're actually executed? Currently, they're treated as a shell script.
Could this potentially cause damage? [I think so. Especially where a line is of the form Var=Val valid-command [args]]
Should we prepend an interpreter line? [Yes, ideally.]
What should it do? [#!/usr/bin/env xdg-exec - a script which may or may not exist, but if it does, it does whatever the administrator/distribution thought sensible.]

A rough test of adding #!/usr/bin/env xdg-exec as the first line of a chmod u+x'd desktop file appeared to suggest that it was safe, and worked with existing .desktop file stuff.

Dave.
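
The behaviour discussed in the message above (an executable .desktop file with no interpreter line being run as a shell script, where `Var=Val valid-command [args]` lines become commands), as an added audit example that is not part of the original post. It is a rough model of a POSIX sh handling simple commands only; expansions, globbing, inline comments and bash array syntax are not modelled, and the names `command_word`, `audit` and `SAMPLE` are hypothetical.

```python
import re
import shlex
import stat

# sh treats leading NAME=value words as assignments for the command that follows.
ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*=")
# Characters that make sh do more than run one simple command: flagged, not modelled.
SHELL_META = set(";&|<>`$()")

def command_word(line):
    """Word a POSIX sh would try to run for this line, or None if it runs nothing."""
    if line.lstrip().startswith("#"):
        return None
    try:
        words = shlex.split(line)
    except ValueError:  # unbalanced quote: sh would keep reading, so flag it
        return "<unbalanced quote>"
    while words and ASSIGNMENT.match(words[0]):
        words.pop(0)
    return words[0] if words else None

def audit(text, mode):
    """Report how a .desktop file behaves if it is executed rather than parsed."""
    lines = text.splitlines()
    has_shebang = bool(lines) and lines[0].startswith("#!")
    report = {
        "executable": bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)),
        "interpreter": lines[0][2:].strip() if has_shebang else None,
        "would_run": [],  # (line number, command word) pairs
        "meta": [],       # line numbers containing shell metacharacters
    }
    if has_shebang:
        return report     # the kernel hands the file to the interpreter, not to sh
    for number, line in enumerate(lines, 1):
        word = command_word(line)
        if word is not None:
            report["would_run"].append((number, word))
        if SHELL_META & set(line):
            report["meta"].append(number)
    return report

# Constructed sample, not taken from the thread.
SAMPLE = """[Desktop Entry]
Type=Application
Name=Holiday Photos
Exec=xterm -e top
"""

if __name__ == "__main__":
    print(audit(SAMPLE, 0o755))
    print(audit("#!/usr/bin/env xdg-exec\n" + SAMPLE, 0o755))
```
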


