"Name" key value in desk. entry spec collides with file names, could misguide users?
Mike Hearn
mike at navi.cx
Sun Mar 20 23:08:04 EET 2005
On Sun, 20 Mar 2005 21:54:33 +0100, Waldo Bastian wrote:
> I suggest we combine the +x bit with the quarantine features offered by
> SELinux. .desktop files that have a +x bit set can be run as they are done
> now and SELinux can run .desktop files without +x bit in a sandboxed
> environment.
Hmm, yes that would work. Presumably if SELinux was not present it would
also be run just as it is now (otherwise lots of launchers would break).
On the other hand this overloads the meaning of the +x bit where SELinux
uses an extended attribute to store security context.
An alternative is to provide a warning for .desktop files without the
+x bit but still allow the "launch" to proceed. The warning could offer
to set the +x for the user so it does not appear again. Maybe:
"This icon has not been marked as a program launcher but it will run:
blah blah blah blah
If you think you are opening a document, this may be a malicious
icon so click Cancel. Otherwise click Run."
And if the user chooses the run button the file manager sets +x
automatically.
This seems like a good middle ground: it provides a quick stop-gap measure
to advise users that there may be something suspicious going on but
doesn't force them to memorise some repetitive (and obscure) action. It
also means during the transitional period old launchers that are valid (eg
put there by Wine or game installers) can be converted easily and in
future apps will know to mark launchers with the +x bit.
On the other hand, many such desktop launchers are placed there by old
software which cannot be upgraded as it's proprietary (or just
unmaintained) so it could be causing spurious warnings for years ....
thanks -mike
More information about the xdg
mailing list