.desktop files, serious security hole, virus-friendliness
Mike Hearn
mike at plan99.net
Tue Apr 4 01:51:43 EEST 2006
On Sun, 02 Apr 2006 22:29:04 -0700, Sam Watkins wrote:
> I feel this "x-bit" is the single best protection available to the
> non-expert desktop user under Linux/UNIX, which prevents malware
> becoming common in *nix
This is not a universally accepted opinion.
The discussion also was started NOT because .desktop files ignore the +x
bit which is quite a trivial issue imho, but because they can make
themselves appear to be absolutely anything you want, including files that
are "safe" to open like image/document files, when in fact they are
programs.
This kind of two-facedness has been exploited in the past, and _that_ is
the real issue here.
Other problems to do with controlling unknown software are still a
research problem, and whilst they definitely need research, UNIX
permissions won't be solving them anytime soon.
More information about the xdg
mailing list