"Name" key value in desk. entry spec collides with file names, could misguide users?
jub at sun.com
Mon Mar 21 10:49:37 EET 2005
Diego Calleja wrote:
> Jeffrey Vaughan <vaughan2 at seas.upenn.edu> wrote:
>>I often use the following work pattern:
>>1) Download 15ish academic papers with file names like: popl2003acm.pdf
>>2) For each file in my firefox download directory that looks like a pdf
>>in the gui, double click on the paper.
>>3) Rename or delete the paper as appropriate.
> PDFs are completely different, they are "data". A desktop file is not just "data", it is data
> which happens to run the commands you put in the Exec field. Doubleclicking it won't
> harm you (unless there's a bug in the PDF reader)
That is the point. Many users can't tell the difference or don't realize
the implications. And in some cases even those that do won't notice the
one fishy file among two dozen good ones. If the standard sequence (1)
download file (2) double click can execute arbitrary code then this is
an invitation to exploit.
The +x solution requires extra steps that make the difference visible.
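
The check discussed in this message, as an added example that is not part of the original post or of any desktop's launcher code: it reads a desktop entry, reports whether its Name looks like a data file while Exec is set, and applies the +x policy. The function names, the extension list and the sample entry are assumptions constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Extensions a user reads as "plain data" when they appear in a display name (assumed list).
DATA_EXTS = {".pdf", ".ps", ".txt", ".jpg", ".png"}

def inspect_desktop_entry(path):
    """Collect what a launcher should know before acting on a double click."""
    # interpolation=None: Exec lines carry field codes such as %f that are not ini interpolation.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # desktop entry keys are case-sensitive
    try:
        parser.read(path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError):
        return None
    if not parser.has_section("Desktop Entry"):
        return None
    entry = parser["Desktop Entry"]
    name, exec_line = entry.get("Name", ""), entry.get("Exec", "")
    return {
        "name": name,
        "exec": exec_line,
        "executable": bool(os.stat(path).st_mode & stat.S_IXUSR),
        # Name looks like a data file although the entry runs a command.
        "masquerades": bool(exec_line) and os.path.splitext(name)[1].lower() in DATA_EXTS,
    }

def should_launch(info):
    """The +x policy: run Exec only if the user marked the file executable."""
    return info is not None and info["executable"]

def demo():
    """Constructed sample: an entry as a browser download would leave it (mode 0644)."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "popl2003acm.desktop")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("[Desktop Entry]\nType=Application\nName=popl2003acm.pdf\n"
                 "Exec=sh -c 'echo constructed sample'\n")
    os.chmod(path, 0o644)
    before = inspect_desktop_entry(path)
    os.chmod(path, 0o755)  # the explicit extra step the user must take
    after = inspect_desktop_entry(path)
    return before, after

if __name__ == "__main__":
    for info in demo():
        print(info, "-> launch" if should_launch(info) else "-> show as text, do not run")
```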