Security issue with .desktop files revisited

Mike Hearn mike at plan99.net
Tue Mar 28 15:37:41 EEST 2006


Francois Gouget wrote:
> So in the above scenario, when the user downloads the rogue '.desktop' 
> file to his desktop, that file will be tagged as 'untrusted'. Then, 
> clicking on it would warn the user before running it. .desktop files 
> shipped with the distribution would not have the 'untrusted' bit and 
> thus would not issue this warning. Also, this warning could be 
> selectively issued only for .desktop and 'executable' files, and not 
> if the file is merely a simple jpeg. But that could be configurable 
> and a 'paranoid' setting would warn for all untrusted files (in case 
> they are designed to trigger buffer overflows).
>
> Such a solution requires quite a bit of work and time to be 
> implemented but then I think any solution to this problem do.
Yes, this is a variant on the +x bit marks a file as trusted.

Here's an  idea - the problem with requiring an EA or +x to be set is it 
breaks backwards compatibility (it'd break Crossover/Wine for one ...). 
But what if the logic is inverted - so the absence of +x means a file is 
trusted, and web browsers or email programs set +x when they save a file 
to disk? The +x bit on a .desktop file in the users home dir is then 
treated as a "don't trust" marker. This doesn't break backwards 
compatibility and only requires that web browsers and email programs be 
patched.

I'd still be happier with some solution that prevented a .desktop file 
masquerading as a JPEG file, but anything is better than nothing ...




More information about the xdg mailing list