Security issue with .desktop files revisited
Thiago Macieira
thiago at kde.org
Thu Mar 23 21:06:54 EET 2006
Mike Hearn wrote:
> On Thu, 23 Mar 2006 17:55:26 +0100, Thiago Macieira wrote:
>> I don't see how it is any different from .desktop files with:
>> Exec=/bin/sh -c 'cd ; rm -rf *'
>> (don't run that!)
>
> It's not really, except you can write longer programs and even run
> arbitrary ELF programs too.
The possibility of embedding one format inside another while both are
still completely valid exists for many other formats. You can find many
examples out there that do that. Doing so for .desktop files is no
surprise.
> Perhaps a more complicated system would work better ... +x bit is only
> needed if the Exec line does not contain an absolute path?
The example could be written to call Exec=sh ....
instead of Exec=/bin/sh -c ...
This doesn't help at all.
>> If we require the latter to be executable, why not the former?
>
> Well, I was never convinced the +x bit was a good idea, problem is that
> if it's off this doesn't give the user any information they didn't
> already know. So why would they change their decision? They double
> clicked it, right? The best you could do is some kind of warning, "This
> file is a program. If you continue, it may do anything you can do. Only
> proceed if you trust the origin of this file." But people often ignore
> or click through such warnings without really considering them.
This warning would show up for each and every .desktop file that the user
clicked on, on the file manager and on the desktop. It would be really
annoying to click on your mail program on your desktop and get a
warning "you clicked on an icon that runs a program. Do you want to run
the program?"
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
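Added example, not code from the thread or from any desktop project: a small Python check that makes the two proposals above concrete. It classifies an entry under the "absolute path needs no +x" heuristic, resolves which program the Exec line really runs, and applies the plain +x-on-the-file rule. The sample entries are constructed (with a harmless Exec command), and the Exec line is split with shlex as a simplification of the Desktop Entry quoting rules.

```python
import os
import shlex
import shutil
import stat
import tempfile

# Constructed sample entries (not from the thread); the Exec command is a harmless placeholder.
ABS_PATH_ENTRY = "[Desktop Entry]\nType=Application\nName=Demo\nExec=/bin/sh -c 'echo hello'\n"
BARE_NAME_ENTRY = "[Desktop Entry]\nType=Application\nName=Demo\nExec=sh -c 'echo hello'\n"

def parse_desktop_entry(text):
    """Minimal parser for the [Desktop Entry] group of a .desktop file."""
    entries, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = (line == "[Desktop Entry]")
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries

def needs_exec_bit_under_path_heuristic(entry):
    """Mike's proposal: require +x only when Exec does not start with an absolute path."""
    argv = shlex.split(entry.get("Exec", ""))  # simplification: shell quoting, not Exec= quoting
    return not (argv and os.path.isabs(argv[0]))

def resolved_program(entry):
    """The binary the launcher would really run: absolute path as-is, bare name via PATH."""
    argv = shlex.split(entry.get("Exec", ""))
    if not argv:
        return None
    found = argv[0] if os.path.isabs(argv[0]) else shutil.which(argv[0])
    return os.path.realpath(found) if found else None

def exec_bit_policy_allows(path):
    """The +x rule from the thread: launch only if the .desktop file itself carries an execute bit."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))

def write_entry(text, executable):
    """Write a .desktop file to a temp path with or without +x; returns the path."""
    fd, path = tempfile.mkstemp(suffix=".desktop")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.chmod(path, 0o755 if executable else 0o644)
    return path
```

On a normal system the path heuristic treats the two constructed entries differently even though resolved_program() returns the same shell for both, while the +x rule depends only on the mode bits of the .desktop file.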