Security issue with .desktop files revisited
benny at xfce.org
Tue Apr 11 20:07:14 EEST 2006
Rodney Dawes wrote:
> Better yet, let's not encourage people to turn .desktop files into
> scripts. As has been expressed MANY times in this thread, requiring +x
> and a special tool that doesn't evaluate Exec any differently thatn we
> are currently evaluating Exec, doesn't solve the problem. It is very
> easy to ship a .desktop file to someone that is already +x.
> We need to fix the evaluation semantics of Exec, not write a bunch of
> easily-avoidable workarounds.
That's of course the preferable solution... but if people insist upon
making .desktop files executable, it should atleast be done in a cross
> -- dobey
More information about the xdg