Security issue with .desktop files revisited

Francois Gouget fgouget at
Sat Apr 1 09:58:08 EEST 2006

Travis Watkins wrote:
> I'd just like to point out that whatever is decided, it has to be
> something a menu editor can implement, so it has to be something a
> user can (somewhat) understand.

Users and applications need to be able to 'enable' the .desktop files 
they create. For instance, with Joe Baker (interesting) proposal we 
would need a 'sign_desktop_file' tool that can be used by applications 
when they create a desktop file.

Also notice how rogue desktop files cannot use such a tool to sign 
themselves before they are executed (no more than they can use chmod +x).

Francois Gouget
fgouget at

More information about the xdg mailing list