Security issue with .desktop files revisited
tal at ecs.soton.ac.uk
Sat Mar 25 12:56:00 EET 2006
On Thu, 23 Mar 2006 16:36:39 +0000, Mike Hearn wrote:
> On Thu, 23 Mar 2006 09:05:32 -0700, Aaron J. Seigo wrote:
>> what prevents a malicious .desktop file from using any of the other icons we
>> ship and pretending to be something else? looking through just the
>> Application icons i have on disk here, any number of them could be used to
>> pretend to be a movie, an mp3, a word processing document .....
> Well, nothing I guess, but if it looks like an application icon
> at least the user might expect it to do run something when clicked. MIME
> type icons are usually recognisable in most icon themes by having a paper
> background, it's a simple enough heuristic.
> I'm open to alternative ideas though. An emblem for executable .desktop
> files? That'd kinda suck though, I have a bunch of launchers on my desktop
> and don't really want them cluttered up with some intrusive overlay. I
> already know they're executable!
ROX-Filer shows .desktop files (and anything else it will execute if
clicked) with a different text colour, but leaves the icon alone.
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
More information about the xdg