.desktop files, serious security hole, virus-friendliness

Mike Hearn mike at plan99.net
Thu Apr 6 01:13:00 EEST 2006

On Tue, 04 Apr 2006 20:02:49 -0700, Sam Watkins wrote:
> This would be too difficult to implement given the enormous variety of
> e-mail clients and browsers.

Whilst there are many, there are only a few likely to be used by those at
risk of being fooled by a lying .desktop file so this idea is certainly
tractable and is a variant of the EA scheme that Francois came up with.

I'd still like .desktop files to not be able to impersonate document types
BUT preventing browsers/email clients from saving them is a fine
substitute given I can't think of a legitimate reason to do such a thing.

More information about the xdg mailing list