Security issue with .desktop files revisited

Mike Hearn mike at plan99.net
Thu Mar 23 19:42:09 EET 2006


On Thu, 23 Mar 2006 17:55:26 +0100, Thiago Macieira wrote:
> I don't see how it is any different from .desktop files with:
> Exec=/bin/sh -c 'cd ; rm -rf *'
> (don't run that!)

It's not really, except you can write longer programs and even run
arbitrary ELF programs too.
 
> It looks like the best alternative.
> 
> But why should we require users to go to the properties and turn it
> executable? If you've got a legitimate .desktop file, it already follows
> the guidelines, which may include being executable or not.

Well, this guideline doesn't exist yet, so no .desktop files will have
it. And those programs out there that make .desktop files (on the user's
desktop for instance) will break.

Perhaps a more complicated system would work better ... +x bit is only
needed if the Exec line does not contain an absolute path?
 
> If we require the latter to be executable, why not the former?

Well, I was never convinced the +x bit was a good idea; the problem is that if
it's off this doesn't give the user any information they didn't already
know. So why would they change their decision? They double clicked it,
right? The best you could do is some kind of warning, "This file is a
program. If you continue, it may do anything you can do. Only proceed if
you trust the origin of this file." But people often ignore or click
through such warnings without really considering them.

thanks -mike
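
The rule floated in the message above (+x needed only when the Exec line is not an absolute path), sketched as a launcher-side check. This is an added example, not code from the thread or from any desktop environment; the function names, the sample entries and the use of shlex to approximate Exec quoting are assumptions.

```python
import os
import shlex
import stat
import tempfile

def exec_program(desktop_text):
    """Return the program named by Exec= in [Desktop Entry], or None."""
    group = None
    for line in map(str.strip, desktop_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group == "Desktop Entry" and line.startswith("Exec") and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() != "Exec":
                continue  # a different key that merely starts with "Exec"
            try:
                argv = shlex.split(value)  # approximation of Exec quoting
            except ValueError:
                return None  # unbalanced quotes
            return argv[0] if argv else None
    return None

def may_launch(path):
    """Floated rule: the .desktop file needs +x only when Exec is not absolute."""
    with open(path, encoding="utf-8") as fh:
        program = exec_program(fh.read())
    if program is None:
        return False  # no usable Exec line: refuse
    if os.path.isabs(program):
        return True  # absolute path: launch regardless of the +x bit
    return bool(os.stat(path).st_mode & stat.S_IXUSR)

def demo():
    """Check three constructed entries; nothing is executed."""
    entry = "[Desktop Entry]\nType=Application\nExec=%s\n"
    samples = {  # name -> (Exec value, file mode), all constructed
        "abs.desktop": ("/bin/sh -c 'echo hi'", 0o644),
        "rel_noexec.desktop": ("viewer %f", 0o644),
        "rel_exec.desktop": ("viewer %f", 0o755),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (exec_value, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(entry % exec_value)
            os.chmod(path, mode)
            results[name] = may_launch(path)
    return results

if __name__ == "__main__":
    print(demo())
```

In the demo, `abs.desktop` has the same shape as the quoted `/bin/sh -c` Exec line and passes the check without the +x bit, because its first word is an absolute path.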



