.desktop files, serious security hole, virus-friendliness

Benedikt Meurer benny at xfce.org
Mon Apr 3 20:26:15 EEST 2006


Rodney Dawes wrote:
>>>I'd propose to optionally include a digital signature for the Exec field
>>>(i.e. add an ExecSignature field to the spec) and let the file manager
>>>ask the user whether he/she trusts the signee or popup a warning if no
>>>signature is present. Distributions should then ship with a good default
>>>set of trusted certificates (i.e. for Gnome, KDE, Xfce, etc.), so users
>>>shouldn't see the warning unless they're trying to execute a
>>>virus.desktop or a .desktop file whose signee is not yet in the trustdb.
>>
>>[I'm not trying to shoot your idea down; I'm just raising some discussion 
>>points]
>>
>>How would this work for user-created files? Should the desktop 
>>automatically sign the files? Should we require each and every user to 
>>have a GPG key?
> 
> Should it be GPG? What about S/MIME?

It doesn't need to be GPG.

> Do we really need a signature and
> yet another dialog to pop up and annoy the user? Shouldn't we only pop
> up things like this when we /know/ there is an issue?

The user shouldn't see the dialog usually. Only if the system is unable
to verify the signature, which should only happen in case of a bogus
.desktop file (i.e. a virus), as systems should ship with a sane
trustdb. Of course, this will take time to implement for all desktop
environments, but in the end should be more secure than testing the x bit.

Just an idea, tho...

> -- dobey

Benedikt
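To make the proposal concrete, here is an added example of the check Benedikt sketches, written for this page and not taken from the thread, the xdg spec or any desktop project. It assumes the ExecSignature key proposed above plus a hypothetical ExecSignatureKeyId key naming the signer, and uses Ed25519 over the Exec value as a stand-in for whatever scheme (GPG, S/MIME) a real spec would adopt; the trustdb, keys and .desktop files are all constructed inside the code. The four outcomes are the ones discussed in the thread: a vendor-signed file launches silently, a file whose Exec line was altered after signing fails, an unsigned file triggers the warning, and a file signed by a key not in the trustdb prompts the user.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// Verdict is what a file manager would conclude before running the Exec line.
type Verdict int

const (
	Trusted       Verdict = iota // signature verifies with a trustdb key: run silently
	NoSignature                  // no ExecSignature field: warn the user
	UnknownSigner                // signed, but the key is not in the trustdb: ask the user
	BadSignature                 // signature present but does not match Exec: refuse
	NothingToRun                 // no Exec field (e.g. Type=Link): nothing to verify
)

func (v Verdict) String() string {
	return [...]string{"Trusted", "NoSignature", "UnknownSigner", "BadSignature", "NothingToRun"}[v]
}

// parseDesktopEntry reads the keys of the [Desktop Entry] group. Minimal INI
// parser: comments, blank lines and other groups are skipped.
func parseDesktopEntry(content string) map[string]string {
	entries := map[string]string{}
	inGroup := false
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if strings.HasPrefix(line, "[") {
			inGroup = line == "[Desktop Entry]"
			continue
		}
		if k, v, ok := strings.Cut(line, "="); ok && inGroup {
			entries[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	return entries
}

// signedMessage is what the signature covers: a domain separator plus the exact
// Exec value, so a signature cannot be replayed for a different command line.
func signedMessage(exec string) []byte {
	return []byte("xdg-exec-signature-v1\x00" + exec)
}

// SignExec is the vendor side: the base64 value to store in ExecSignature.
func SignExec(priv ed25519.PrivateKey, exec string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedMessage(exec)))
}

// TrustDB is the distribution-shipped set of trusted signing keys, indexed by
// the identifier carried in the (assumed) ExecSignatureKeyId field.
type TrustDB map[string]ed25519.PublicKey

// Verify is the file-manager side: decide what to do with a .desktop file.
func Verify(db TrustDB, content string) Verdict {
	e := parseDesktopEntry(content)
	exec, ok := e["Exec"]
	if !ok {
		return NothingToRun
	}
	sig := e["ExecSignature"]
	if sig == "" {
		return NoSignature
	}
	pub, ok := db[e["ExecSignatureKeyId"]]
	if !ok {
		return UnknownSigner
	}
	raw, err := base64.StdEncoding.DecodeString(sig)
	if err != nil || len(raw) != ed25519.SignatureSize || !ed25519.Verify(pub, signedMessage(exec), raw) {
		return BadSignature
	}
	return Trusted
}

// desktopFile builds a constructed sample .desktop file; keyID/sig may be empty.
func desktopFile(name, exec, keyID, sig string) string {
	s := fmt.Sprintf("[Desktop Entry]\nType=Application\nName=%s\nExec=%s\n", name, exec)
	if sig != "" {
		s += fmt.Sprintf("ExecSignatureKeyId=%s\nExecSignature=%s\n", keyID, sig)
	}
	return s
}

// Demo runs the four cases from the thread with freshly generated keys.
func Demo() map[string]Verdict {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // key the distro ships in its trustdb
	_, roguePriv, _ := ed25519.GenerateKey(rand.Reader)          // a key nobody trusts
	db := TrustDB{"xfce-2006": vendorPub}
	goodSig := SignExec(vendorPriv, "xfce4-terminal")
	evil := "sh -c 'echo pwned'"
	return map[string]Verdict{
		"vendor-signed":  Verify(db, desktopFile("Terminal", "xfce4-terminal", "xfce-2006", goodSig)),
		"tampered-exec":  Verify(db, desktopFile("Terminal", evil, "xfce-2006", goodSig)),
		"unsigned":       Verify(db, desktopFile("virus", evil, "", "")),
		"unknown-signer": Verify(db, desktopFile("virus", evil, "evil-key", SignExec(roguePriv, evil))),
	}
}

func main() {
	for name, v := range Demo() {
		fmt.Printf("%-15s -> %s\n", name, v)
	}
}
```

Note that the signature binds only the Exec value: Name, Icon and the rest stay freely editable by the user, which is the property the proposal needs for user-created files, while any change to the command line invalidates the signature.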


