Security issue with .desktop files revisited
Dave Cridland
dave at cridland.net
Tue Mar 28 12:39:24 EEST 2006
On Tue Mar 28 10:32:25 2006, Francois Gouget wrote:
> If think the solution would be to do like Windows XP SP2 does (or
> maybe it is Windows 2003). When you download a file (at least using
> IE and depending on your 'zone' settings), it sets some 'extended
> file attributes' to tag the file as untrusted.
You're certainly right in thinking this is a good solution, but it's
not one open to us, because not everywhere has extended attributes
just yet. The only common factor we have to play with on the vast
majority of filesystems is the file mode bits. Basically, the x bit
is currently unused, in effect, by .desktop files, so realistically
this is a poor man's emulation of this.
If people feel that the landscape has changed sufficiently to allow
us to use extended attributes rather than the x bit, then great, but
this came up before and was blocked.
Dave.
--
You see things; and you say "Why?"
But I dream things that never were; and I say "Why not?"
- George Bernard Shaw
More information about the xdg
mailing list