Security issue with .desktop files revisited

Dave Cridland dave at
Tue Mar 28 12:39:24 EEST 2006

On Tue Mar 28 10:32:25 2006, Francois Gouget wrote:
> If think the solution would be to do like Windows XP SP2 does (or 
> maybe it is Windows 2003). When you download a file (at least using 
> IE and depending on your 'zone' settings), it sets some 'extended 
> file attributes' to tag the file as untrusted.

You're certainly right in thinking this is a good solution, but it's 
not one open to us, because not everywhere has extended attributes 
just yet. The only common factor we have to play with on the vast 
majority of filesystems is the file mode bits. Basically, the x bit 
is currently unused, in effect, by .desktop files, so realistically 
this is a poor man's emulation of this.

If people feel that the landscape has changed sufficiently to allow 
us to use extended attributes rather than the x bit, then great, but 
this came up before and was blocked.

           You see things; and you say "Why?"
   But I dream things that never were; and I say "Why not?"
    - George Bernard Shaw

More information about the xdg mailing list