Security issue with .desktop files revisited
Thiago Macieira
thiago at kde.org
Thu Mar 23 18:55:26 EET 2006
Mike Hearn wrote:
>On Thu, 23 Mar 2006 09:05:32 -0700, Aaron J. Seigo wrote:
>> is there such an example .desktop file we can get our hands on to look
>> at, test and assess the situation directly?
>
>http://article.gmane.org/gmane.comp.autopackage.devel/4671
I don't see how it is any different from .desktop files with:
Exec=/bin/sh -c 'cd ; rm -rf *'
(don't run that!)
>Well, nothing I guess, but if it looks like an application icon
>at least the user might expect it to do run something when clicked.
It is what this file does. It does something.
As long as we allow running a .desktop file, this problem will be there.
>Requiring them to be +x was another alternative, but it breaks backwards
>compatibility with some non-trivial number of deployed apps. And the
>usability implications of requiring users to go to properties and check
> a weird box are not good (it's like warning dialog fatigue i think ...)
It looks like the best alternative.
But why should we require users to go the properties and turn it
executable? If you've got a legitimate .desktop file, it already follows
the guidelines, which may include being executable or not.
If you've downloaded something and saved to disk, then having the hassle
of actually going into the properties and turning it executable should be
the user's way of saying, "I downloaded this thing and now I want to run
it". This is how it works right now for shell scripts.
You could think of a .desktop file with
[Desktop Entry]
Exec=appname
Icon=appicon
Comment=Click me!
the same as the shell script:
#!/bin/sh
# Icon: appicon
# Comment: click me!
appname
If we require the latter to be executable, why not the former?
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
Url : http://lists.freedesktop.org/archives/xdg/attachments/20060323/2cae8050/attachment.pgp
More information about the xdg
mailing list