.desktop files, serious security hole, virus-friendliness
Mike Hearn
mike at plan99.net
Thu Apr 6 01:13:00 EEST 2006
On Tue, 04 Apr 2006 20:02:49 -0700, Sam Watkins wrote:
> This would be too difficult to implement given the enormous variety of
> e-mail clients and browsers.
Whilst there are many, there are only a few likely to be used by those at
risk of being fooled by a lying .desktop file so this idea is certainly
tractable and is a variant of the EA scheme that Francois came up with.
I'd still like .desktop files to not be able to impersonate document types
BUT preventing browsers/email clients from saving them is a fine
substitute given I can't think of a legitimate reason to do such a thing.
More information about the xdg
mailing list