.desktop files, serious security hole, virus-friendliness

Mike Hearn mike at plan99.net
Tue Apr 4 01:51:43 EEST 2006


On Sun, 02 Apr 2006 22:29:04 -0700, Sam Watkins wrote:
> I feel this "x-bit" is the single best protection available to the
> non-expert desktop user under Linux/UNIX, which prevents malware
> becoming common in *nix

This is not a universally accepted opinion.

The discussion also was started NOT because .desktop files ignore the +x
bit which is quite a trivial issue imho, but because they can make
themselves appear to be absolutely anything you want, including files that
are "safe" to open like image/document files, when in fact they are
programs.

This kind of two-facedness has been exploited in the past, and _that_ is
the real issue here.

Other problems to do with controlling unknown software are still a
research problem, and whilst they definitely need research, UNIX
permissions won't be solving them anytime soon.




More information about the xdg mailing list