.desktop files, serious security hole, virus-friendliness

Thiago Macieira thiago at kde.org
Mon Apr 3 20:27:52 EEST 2006


Rodney Dawes wrote:
>On Mon, 2006-04-03 at 19:03 +0200, Thiago Macieira wrote:
>> Benedikt Meurer wrote:
>> >I'd propose to optionally include a digital signature for the Exec
>> > field (i.e. add an ExecSignature field to the spec) and let the file
>> > manager ask the user whether he/she trusts the signee or popup a
>> > warning if no signature is present. Distributions should then ship
>> > with a good default set of trusted certificates (i.e. for Gnome,
>> > KDE, Xfce, etc.), so users shouldn't see the warning unless they're
>> > trying to execute a virus.desktop or a .desktop file whose signee is
>> > not yet in the trustdb.
>>
>> [I'm not trying to shoot your idea down; I'm just raising some
>> discussion points]
>>
>> How would this work for user-created files? Should the desktop
>> automatically sign the files? Should we require each and every user to
>> have a GPG key?
>
>Should it be GPG? What about S/MIME? Do we really need a signature and
>yet another dialog to pop up and annoy the user? Shouldn't we only pop
>up things like this when we /know/ there is an issue?

Right, it doesn't have to be a GPG signature.

It could be a simple cookie secret that is stored somewhere in the user 
directory and created when first needed -- and then reused.

How would this apply to read-only files? How about files stored in 
read-only dirs? (I'm thinking of /usr/share here).

Should ISVs have to "sign" their files too?

-- 
Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
  thiago.macieira (AT) trolltech.com     Trolltech AS
    GPG: 0x6EF45358                   |  Sandakerveien 116,
    E067 918B B660 DBD1 105C          |  NO-0402
    966C 33F5 F005 6EF4 5358          |  Oslo, Norway
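
The per-user cookie idea from the message above, sketched as an added example that is not part of the original post or of any desktop's code. It assumes the tag is an HMAC-SHA256 over the Exec value, stored in the `ExecSignature` key proposed earlier in the thread; the secret file location and all function names are hypothetical.

```python
import hashlib
import hmac
import os
import secrets
from pathlib import Path

# Constructed sample entry, not taken from a real package.
SAMPLE = "[Desktop Entry]\nType=Application\nName=Top\nExec=xterm -e top\n"

def load_or_create_secret(path: Path) -> bytes:
    """Return the per-user secret, creating it (mode 0600) when first needed."""
    try:
        return path.read_bytes()
    except FileNotFoundError:
        path.parent.mkdir(parents=True, exist_ok=True)
        # O_EXCL refuses to overwrite a secret that already exists.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(secrets.token_bytes(32))
        return path.read_bytes()

def entry_value(desktop_text: str, key: str):
    """Return the value of `key` in the [Desktop Entry] group, or None."""
    in_group = False
    for line in desktop_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            k, v = line.split("=", 1)
            if k.strip() == key:
                return v.strip()
    return None

def tag_for(secret: bytes, exec_value: str) -> str:
    """HMAC over the Exec value only (assumption: other keys are not covered)."""
    return hmac.new(secret, exec_value.encode("utf-8"), hashlib.sha256).hexdigest()

def check(secret: bytes, desktop_text: str) -> str:
    """Classify an entry as 'trusted', 'tampered' or 'untagged'."""
    cmd = entry_value(desktop_text, "Exec")
    tag = entry_value(desktop_text, "ExecSignature")
    if cmd is None or tag is None:
        # Files this user never tagged, e.g. read-only ones under /usr/share.
        return "untagged"
    expected = tag_for(secret, cmd).encode()
    return "trusted" if hmac.compare_digest(tag.encode(), expected) else "tampered"
```

Because the secret is per user, a tag written by one user does not verify for another, and files in read-only directories can only ever come out as "untagged", which is the open question the message raises.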