Security issue with .desktop files revisited
tal at ecs.soton.ac.uk
Sat Mar 25 20:42:15 EET 2006
On Sat, 25 Mar 2006 13:14:51 +0000, Mike Hearn wrote:
> On Sat, 25 Mar 2006 10:56:00 +0000, Thomas Leonard wrote:
>> ROX-Filer shows .desktop files (and anything else it will execute if
>> clicked) with a different text colour, but leaves the icon alone.
> That's the sort of thing we want, I think, but does it really work? Have
> you tested it on people to see if they are suspicious of a different
> coloured thing that looks like a jpeg image file?
Back before MIME-type inheritance let us work out what MIME types can
never be executed, we used to try to execute anything with the X bit set
(even JPEGs ;-). I would certainly notice if one was on a DOS format
media with the X bit set before clicking on it.
Whether normal users would notice (or care) I don't know. Also, it
probably helps that ROX users are used to using the filer to run programs
(so they get used to the colour scheme). If you normally run programs
using a start menu, you might notice something was different, but not
know what it meant.
Dr Thomas Leonard http://rox.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
More information about the xdg