Security issue with .desktop files revisited
dave at cridland.net
Tue Mar 28 22:47:46 EEST 2006
On Tue Mar 28 20:40:46 2006, Francois Gouget wrote:
> I was thinking more of something along the lines of
> '#!/usr/bin/run_desktop_file'. Desktop files are equivalent to
> shell scripts anyway. The only thing missing is that one cannot use
> them transparently because exec() does not know what to do with
> them. This limits their use to a few Freeesktop-aware applications.
> Adding the above line and making _trusted_ desktop files executable
> would fix this oversight.
Hmmm... Of course, "launching" a desktop file could be done by simply
executing it, then, which makes quite a bit of sense.
You see things; and you say "Why?"
But I dream things that never were; and I say "Why not?"
- George Bernard Shaw
More information about the xdg