Security issue with .desktop files revisited
Francois Gouget
fgouget at codeweavers.com
Sat Apr 1 09:58:08 EEST 2006
Travis Watkins wrote:
> I'd just like to point out that whatever is decided, it has to be
> something a menu editor can implement, so it has to be something a
> user can (somewhat) understand.
Agreed.
Users and applications need to be able to 'enable' the .desktop files
they create. For instance, with Joe Baker (interesting) proposal we
would need a 'sign_desktop_file' tool that can be used by applications
when they create a desktop file.
Also notice how rogue desktop files cannot use such a tool to sign
themselves before they are executed (no more than they can use chmod +x).
--
Francois Gouget
fgouget at codeweavers.com
More information about the xdg
mailing list