Security issue with .desktop files revisited
Thomas Leonard
tal at ecs.soton.ac.uk
Mon Apr 10 23:26:42 EEST 2006
On Mon, 10 Apr 2006 04:58:28 -0700, Sam Watkins wrote:
> Waldo Bastian wrote:
>> I think it's a sane idea to require +x on .desktop files in order for a file
>> browser or "Desktop" to execute the .desktop file. It shouldn't be too much
>> of a problem to add a #!/usr/bin/xdg-open line to the format either, although
>> it my take a while before applications actually start to add that.
>
> Thank-you very much for the encouragement Waldo :)
>
> I'll have a go at implementing my proposal soon, God willing.
>
> If anyone knows of particular bits of gnome, kde and xfce that are
> responsible for executing, creating and editing .desktop files,
> would you please let me know to save me having to hunt around?
>
> Also do you know of any other environments, utilities, etc. out there
> that use, create or manipulate .desktop files? Maybe there's a list
> somewhere?
Well, in ROX-Filer diritem.c, delete this:
else if (item->mime_type == application_x_desktop)
{
item->flags |= ITEM_FLAG_EXEC_FILE;
}
But, I doubt you'll have much success getting patches applied until
*after* .desktop files come with +x by default ;-)
--
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
More information about the xdg
mailing list