.desktop files, serious security hole, virus-friendliness

Benedikt Meurer benny at xfce.org
Fri Apr 7 20:32:55 EEST 2006


Sam Watkins wrote:
> I'm worried about accidents, not about users who are stupid enough to
> actually "chmod +x" a virus because some bogus web-page tells them to!
> Those users deserve what they get.

That's what its all about. If all users were smart enough (not "stupid
enough"), there would be no need to talk about this.

> Can't we at least agree that this IS a problem?  and concentrate on
> solving this SPECIFIC problem?

I doubt that caps lock helps to solve the issue... the problem is well
known and you were already told to look at the mailinglist archives, and
discover that people are aware of this issue.

> To repeat, the problem is that .desktop files, UNLIKE EVERY OTHER SORT
> OF UNIX PROGRAM OR SCRIPT, can be executed without having been granted
> the +x permission.

That's your interpretation of the problem. The problem itself has
nothing to do with the +x bit, and unless you are able to open your mind
to the more general view of the problem, this thread will not procude a
viable solution.

> Sam

Benedikt




More information about the xdg mailing list