Security issue with .desktop files revisited

Mike Hearn mike at
Sun Apr 2 02:19:21 EEST 2006

On Sat, 01 Apr 2006 08:58:08 +0200, Francois Gouget wrote:
> Also notice how rogue desktop files cannot use such a tool to sign 
> themselves before they are executed (no more than they can use chmod +x).

Actually I quite liked your original proposal with using EAs. Not every
system supports it, but this is not an essential feature so IMHO that's
OK. At least, it would give people  (more)  incentive to properly support
EAs. And support is coming anyway as Beagle uses EAs extensively.

More information about the xdg mailing list