.desktop files, serious security hole, virus-friendliness

Scott James Remnant scott at netsplit.com
Wed Apr 5 02:20:35 EEST 2006


On Tue, 2006-04-04 at 20:03 +0100, Mark Seaborn wrote:

> One problem with using the executable bit on .desktop files is that
> the executable bit could become set without any special action by the
> user.
> 
In particular, if saved to a FAT partition (USB drive) or similar.

A different approach would be a standard for saving of attachments and
files downloaded from the Internet.  E-mail clients, Web browsers, etc.
would honour this standard, and declare their support for it as a
feature.

The standard would simply forbid such clients from saving a file which
could be interpreted as a desktop file, or executable, without the
user's express consent.

Scott
-- 
Have you ever, ever felt like this?
Had strange things happen?  Are you going round the twist?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.freedesktop.org/archives/xdg/attachments/20060405/e35caaec/attachment.pgp 


More information about the xdg mailing list