.desktop files, serious security hole, virus-friendliness

Scott James Remnant scott at netsplit.com
Mon Apr 3 17:24:51 EEST 2006


On Mon, 2006-04-03 at 09:48 -0400, Rodney Dawes wrote:

> On Sun, 2006-04-02 at 22:29 -0700, Sam Watkins wrote:
> > 1. do you agree that this is a serious security problem?
> 
> I don't think it is a serious security problem. While it does expose
> the ability to run shell commands from the .desktop file, it doesn't
> seem likely that many people will do it. I mean, Windows has had
> shortcut files which are pretty much exactly the same as our .desktop
> files, and you never hear of anyone doing specific attacks like you
> suggest would be done. There are much more interesting ways to do them,
> than to have a .desktop file with an icon/label that lies about itself.
> 
Uh, PIF file attacks were very common for a long time in Windows.

Scott
-- 
Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.freedesktop.org/archives/xdg/attachments/20060403/34a2f4d6/attachment.pgp 


More information about the xdg mailing list