Security issue with .desktop files revisited
Thiago Macieira
thiago at kde.org
Tue Apr 11 21:54:14 EEST 2006
Rodney Dawes wrote:
>Better yet, let's not encourage people to turn .desktop files into
>scripts. As has been expressed MANY times in this thread, requiring +x
>and a special tool that doesn't evaluate Exec any differently thatn we
>are currently evaluating Exec, doesn't solve the problem. It is very
>easy to ship a .desktop file to someone that is already +x.
We've got to deal with the situation where sending executable files is NOT
easy. If it's easy, then users have a bigger problem than .desktop files.
So, assuming that users don't get +x files by default, then this solution
IS a good solution, for a start. We just go back to the fact
that .desktop files don't show the full name in the file managers and can
change icons. So the user might be led to click in the icon, thinking
it's something else entirely.
>We need to fix the evaluation semantics of Exec, not write a bunch of
>easily-avoidable workarounds.
Do you have anything in mind?
I don't see a way of restricting this without -- at the same time --
restrict functionality. Why shouldn't I be able to Exec anything I want?
Example: I used to have a terminal program with a switched LANG (when I
started using UTF-8):
LANG=pt_BR konsole
That's a shell construct. Are we going to require a shell parser
for .desktop launch?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20060411/2a698dc0/attachment.pgp
More information about the xdg
mailing list