.desktop files, serious security hole, virus-friendliness

Rodney Dawes dobey at novell.com
Mon Apr 3 21:16:45 EEST 2006

On Mon, 2006-04-03 at 12:57 -0500, Travis Watkins wrote:
> On 4/3/06, Benedikt Meurer <benny at xfce.org> wrote:
> > Shouldn't be a problem. The editor will automatically sign the file when
> > saving, and there could also be a simple CLI frontend (probably as part
> > of desktop-file-utils, for people who want to edit .desktop files with a
> > generic text editor), which can be used to sign .desktop files with the
> > user's (autogenerated) key.
> So now all $EVIL_APP has to do is run that command line util and it's
> good to go. Of course, in this case we're trying to stop $EVIL_APP
> from getting installed from just a .desktop file so I guess it's
> better than what we have now.

But what if $EVIL_APP is just a shar file that is already +x, and
creates a .desktop which signs itself, and then lets the user click
that to run EVIL_ME_HARDER=1 $EVIL_APP or whatever? It doesn't /really/
solve the problem. It just makes it a little more work to deal with.

We should concentrate on what the real issues are, and how people really
need to use .desktop files for valid installs, and fix the spec so that
it only allows the valid cases to work. We shouldn't keep piling
workaround upon workaround on top of the problem, until it just becomes
so much work to actually create a valid .desktop file, that nobody will
bother doing it anyway.

-- dobey

