Security issue with .desktop files revisited

Thiago Macieira thiago at kde.org
Thu Mar 23 18:55:26 EET 2006


Mike Hearn wrote:
>On Thu, 23 Mar 2006 09:05:32 -0700, Aaron J. Seigo wrote:
>> is there such an example .desktop file we can get our hands on to look
>> at, test and assess the situation directly?
>
>http://article.gmane.org/gmane.comp.autopackage.devel/4671

I don't see how it is any different from .desktop files with:
Exec=/bin/sh -c 'cd ; rm -rf *'
(don't run that!)

>Well, nothing I guess, but if it looks like an application icon
>at least the user might expect it to do run something when clicked.

It is what this file does. It does something.

As long as we allow running a .desktop file, this problem will be there.

>Requiring them to be +x was another alternative, but it breaks backwards
>compatibility with some non-trivial number of deployed apps. And the
>usability implications of requiring users to go to properties and check
>a weird box are not good (it's like warning dialog fatigue I think ...)

It looks like the best alternative.

But why should we require users to go to the properties and turn it
executable? If you've got a legitimate .desktop file, it already follows 
the guidelines, which may include being executable or not.

If you've downloaded something and saved to disk, then having the hassle 
of actually going into the properties and turning it executable should be 
the user's way of saying, "I downloaded this thing and now I want to run 
it". This is how it works right now for shell scripts.

You could think of a .desktop file with
[Desktop Entry]
Exec=appname
Icon=appicon
Comment=Click me!

the same as the shell script:
#!/bin/sh
# Icon: appicon
# Comment: click me!
appname

If we require the latter to be executable, why not the former?
-- 
Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
  thiago.macieira (AT) trolltech.com     Trolltech AS
    GPG: 0x6EF45358                   |  Sandakerveien 116,
    E067 918B B660 DBD1 105C          |  NO-0402
    966C 33F5 F005 6EF4 5358          |  Oslo, Norway
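
Added example, not part of the original message or of any desktop environment's code: a sketch of the check discussed in this thread, where a launcher treats a .desktop file like a shell script and refuses it unless it carries an executable bit. The function names and the constructed sample file are assumptions for illustration; nothing is executed.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: the entry quoted in the message above.
SAMPLE = "[Desktop Entry]\nExec=appname\nIcon=appicon\nComment=Click me!\n"


def read_exec(path):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    parser = configparser.RawConfigParser(delimiters=("=",), strict=False)
    parser.optionxform = str  # .desktop keys are case-sensitive
    try:
        parser.read(path, encoding="utf-8")
        return parser.get("Desktop Entry", "Exec")
    except (configparser.Error, UnicodeDecodeError):
        return None


def launch_decision(path):
    """Hypothetical launcher policy: no executable bit, no execution."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ("refuse", "not a regular file")
    command = read_exec(path)
    if command is None:
        return ("refuse", "no Exec= key in [Desktop Entry]")
    if not st.st_mode & 0o111:
        # Surface the command so the user sees what setting +x would allow.
        return ("refuse", "not marked executable; would run: " + command)
    return ("launch", command)


def demo():
    """Evaluate the same file before and after the user marks it +x."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "downloaded.desktop")
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(SAMPLE)
        os.chmod(path, 0o644)  # as saved from a download
        before = launch_decision(path)
        os.chmod(path, 0o755)  # the user's explicit "I want to run it"
        after = launch_decision(path)
    return before, after


if __name__ == "__main__":
    print(demo())
```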