.desktop files, serious security hole, virus-friendliness
alleykat at gmail.com
Mon Apr 3 20:57:45 EEST 2006
On 4/3/06, Benedikt Meurer <benny at xfce.org> wrote:
> Shouldn't be a problem. The editor will automatically sign the file when
> saving, and there could also be a simple CLI frontend (probably as part
> of desktop-file-utils, for people who want to edit .desktop files with a
> generic text editor), which can be used to sign .desktop files with the
> users (autogenerated) key.
So now all $EVIL_APP has to do is run that command line util and it's
good to go. Of course, in this case we're trying to stop $EVIL_APP
from getting installed from just a .desktop file so I guess it's
better than what we have now.
More information about the xdg