Security issue with .desktop files revisited

Thiago Macieira thiago at kde.org
Wed Apr 12 22:30:04 EEST 2006


Rodney Dawes wrote:
>actually use their computer. And .desktop files are in fact data and
>not executable scripts. Requiring +x just requires you to make them
>behave more like scripts.

The fact that you can write a whole shell script in the Exec= line 
makes .desktop files de-facto scripts. They are shell scripts with a 
special syntax and one that allows you to change the icon.

>We need to fix the semantics of the Icon field as well. This is actually
>easy to specify for common desktop applications. We can just rely on the
>naming scheme for application icons that is in the Icon Naming
>Specification, and specify the proper way to deal with types of .desktop
>files which are not Type=Application as well, such as links to webdav or
>smb shares.

Agreed. This makes sense.

>Users are going to just get into the habit of always doing chmod
>+x, as we have already been doing for perl/python/etc... scripts that
>we download off the web.

If they have that habit, they may be doing even nastier things than what a 
shell script is capable of. A Perl script could be complex enough to 
install backdoors and log keystrokes.

>Setting +x is not a solution, it's a problem.

I don't see how enforcing the bit could cause more harm than right now.

-- 
Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
  thiago.macieira (AT) trolltech.com     Trolltech AS
    GPG: 0x6EF45358                   |  Sandakerveien 116,
    E067 918B B660 DBD1 105C          |  NO-0402
    966C 33F5 F005 6EF4 5358          |  Oslo, Norway
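
The policy debated in this message, as an added example (not code from the post or from any desktop project): a Python audit that treats a Type=Application entry as a script, reports a missing execute bit, and flags an Exec= line that hands a command string to a shell. The finding names, the SHELLS list and the use of shlex to approximate Exec= quoting are assumptions.

```python
import os
import shlex
import stat
import tempfile

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed list of interpreters to flag
SAMPLE = ('[Desktop Entry]\nType=Application\nName=Photo\n'  # constructed sample
          'Icon=image-x-generic\nExec=sh -c "echo one; echo two"\n')

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def exec_runs_shell(exec_value):
    """True when Exec= passes a command string to a shell (sh -c '...')."""
    try:
        argv = shlex.split(exec_value)
    except ValueError:
        return True  # unbalanced quoting: treat as suspicious
    return bool(argv) and os.path.basename(argv[0]) in SHELLS and "-c" in argv[1:]

def audit(path):
    """Report why a launcher honouring the +x requirement would distrust a file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        entry = parse_desktop_entry(fh.read())
    findings = []
    if entry.get("Type") == "Application" and "Exec" in entry:
        if not os.stat(path).st_mode & stat.S_IXUSR:
            findings.append("no-exec-bit")
        if exec_runs_shell(entry["Exec"]):
            findings.append("exec-invokes-shell")
    return findings

def write_sample(dirname, name, body, mode):
    path = os.path.join(dirname, name)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(body)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(audit(write_sample(d, "photo.desktop", SAMPLE, 0o644)))
```

Entries that are not Type=Application, such as links to shares, produce no findings because they carry no Exec= line to run.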