Security issue with .desktop files revisited

Thomas Leonard tal at
Sat Mar 25 12:56:00 EET 2006

On Thu, 23 Mar 2006 16:36:39 +0000, Mike Hearn wrote:

> On Thu, 23 Mar 2006 09:05:32 -0700, Aaron J. Seigo wrote:
>> what prevents a malicious .desktop file from using any of the other icons we 
>> ship and pretending to be something else? looking through just the 
>> Application icons i have on disk here, any number of them could be used to 
>> pretend to be a movie, an mp3, a word processing document .....
> Well, nothing I guess, but if it looks like an application icon
> at least the user might expect it to do run something when clicked. MIME
> type icons are usually recognisable in most icon themes by having a paper
> background, it's a simple enough heuristic.
> I'm open to alternative ideas though. An emblem for executable .desktop
> files? That'd kinda suck though, I have a bunch of launchers on my desktop
> and don't really want them cluttered up with some intrusive overlay. I
> already know they're executable!

ROX-Filer shows .desktop files (and anything else it will execute if
clicked) with a different text colour, but leaves the icon alone.

Dr Thomas Leonard
GPG: 9242 9807 C985 3C07 44A6  8B9A AE07 8280 59A5 3CC1

More information about the xdg mailing list