.desktop files, serious security hole, virus-friendliness

Benedikt Meurer benny at xfce.org
Mon Apr 3 20:46:26 EEST 2006


Rodney Dawes wrote:
>>>Do we really need a signature and
>>>yet another dialog to pop up and annoy the user? Shouldn't we only pop
>>>up things like this when we /know/ there is an issue?
>>
>>The user shouldn't see the dialog usually. Only if the system is unable
>>to verify the signature, which should only happen in case of a bogus
>>desktop file (i.e. a virus), as systems should ship with a sane
>>trustdb. Of course, this will take time to implement for all desktop
>>environments, but in the end should be more secure than testing the x bit.
> 
> Well, for example, I create a lot of .desktop files which link to
> sftp:// and other such things, rather than mounting the remote sites,
> so I can easily view those directories in my file manager, without
> having to keep a connection open when I don't need them. I also create
> .desktop files to launch various games on my system, which don't come
> with .desktop files, such as Neverwinter Nights.

Shouldn't be a problem. The editor will automatically sign the file when
saving, and there could also be a simple CLI frontend (probably as part
of desktop-file-utils, for people who want to edit .desktop files with a
generic text editor), which can be used to sign .desktop files with the
users (autogenerated) key.

If you just sign Exec or URL, you could even edit all other parts of the
.desktop file without having to update the signature.

> -- dobey

Benedikt



More information about the xdg mailing list