"Name" key value in desk. entry spec collides with file names, could misguide users?

Joerg Barfurth jub at sun.com
Mon Mar 21 10:49:37 EET 2005


Diego Calleja wrote:

> Jeffrey Vaughan <vaughan2 at seas.upenn.edu> wrote:
>>I often use the following work pattern:
>>1) Download 15ish academic papers with file names like: popl2003acm.pdf 
>>or df3324r.pdf.
>>2) For each file in my firefox download directory that looks like a pdf 
>>in the gui, double click on the paper.
>>3) Rename or delete the paper as appropriate.

> PDFs are completely different, they are "data". A desktop file is not just "data", it is data
> which happens to run the commands you put in the Exec field. Doubleclicking it won't
> harm you (unless there's a bug in the PDF reader)

That is the point. Many users can't tell the difference or don't realize 
the implications. And in some cases even those that do won't notice the 
one fishy file among two dozen good ones. If the standard sequence (1) 
download file (2) double click can execute arbitrary code then this is 
an invitation to exploit.

The +x solution requires extra steps that make the difference visible.

Ciao, Joerg
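
Added example, not part of the original message or of any desktop's code: a sketch of the "+x" policy discussed above, where a file that carries an Exec key is refused unless the user has set the executable bit, and a Name value that looks like a document file name is flagged. The function names, the action labels and the suffix list are assumptions made for illustration; the sample files are constructed.

```python
import configparser
import os
import stat
import tempfile

DOC_SUFFIXES = (".pdf", ".ps", ".doc", ".txt", ".png", ".jpg")  # assumed list

def read_entry(path):
    """Return the [Desktop Entry] keys of a file, or {} if it is not one."""
    cp = configparser.RawConfigParser(strict=False)
    cp.optionxform = str          # keep key case: "Name", "Exec"
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            cp.read_file(fh)
    except configparser.Error:
        return {}                 # plain data such as a PDF
    return dict(cp["Desktop Entry"]) if cp.has_section("Desktop Entry") else {}

def assess(path):
    """Return (action, name_mimics_document) for one downloaded file."""
    entry = read_entry(path)
    if "Exec" not in entry:
        return ("open-as-data", False)
    mimic = entry.get("Name", "").lower().endswith(DOC_SUFFIXES)
    has_x = bool(os.stat(path).st_mode & stat.S_IXUSR)
    # A freshly downloaded file has no +x, so the launcher is refused
    # until the user sets the bit in a separate, visible step.
    return ("launch" if has_x else "refuse", mimic)

def demo():
    """Build constructed sample files in a temp dir and assess them."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        pdf = os.path.join(d, "df3324r.pdf")
        with open(pdf, "w") as fh:
            fh.write("%PDF-1.4\n(constructed stand-in for a real paper)\n")
        fake = os.path.join(d, "download.desktop")
        with open(fake, "w") as fh:
            fh.write("[Desktop Entry]\nType=Application\n"
                     "Name=popl2003acm.pdf\nExec=/bin/true\n")
        os.chmod(fake, 0o644)     # mode a browser download typically gets
        results["pdf"] = assess(pdf)
        results["fresh"] = assess(fake)
        os.chmod(fake, 0o755)     # the explicit extra step
        results["after_chmod"] = assess(fake)
    return results

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```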

