Security issue with .desktop files revisited
Rodney Dawes
dobey at novell.com
Wed Mar 29 07:59:11 EEST 2006

What I don't get is why we're trying to solve it only for .desktop
files. It's a problem for all file types. For .desktop files, we should
just make the spec more explicit on how things should get executed, and
how to validate the Exec= line. Clearly we can't just check that there
are arguments in the .desktop file. One of the nice things about the
current spec is that it has argument passing, so you can, for example,
just drag a file onto a .desktop file launcher for a program to open
the file in that program. Simply requiring +x isn't going to solve
anything. It may not be preserved through straight web downloads, but
gzip will preserve permissions. So you could ship malicious .desktop
files, compressed with gzip, and require the user to uncompress them
to use them. Or better yet, you can just have a .shar file, or
autopackage script.

Can we work on coming up with a more general solution for this, rather
than concentrating on .desktop files? We really need to apply a solution
for the problem on a much broader scope. The current "solution" in
Nautilus really sucks, and won't let me even open valid files, where the
extension disagrees with the data mime type discovery. Perhaps this is
fixed, or at least works better with the new shared-mime-info or in the
latest Nautilus, but I haven't tried much yet. Also, the dialog it
produces when there is a MIME type disagreement is long and scary. We
shouldn't do that unless we know for sure there is a problem.
-- dobey

On Tue, 2006-03-28 at 20:18 +0200, Thiago Macieira wrote:
> Ludwig Nussel wrote:
> >I wonder why desktop files get 'executed' at all. Only the programs
> >that display the desktop and the menu need to run what's described
> >in a desktop file. For everything else the default action could be
> >just like the one for text/plain, ie launch an editor.
>
> The desktop and the file manager are usually the same backend. And if you
> were to browse to ~/Desktop in your filemanager, wouldn't you want to be
> able to click on your shortcuts?
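
Added example, not part of the original message or of any desktop's launcher code: one way to handle the Exec= argument passing discussed above so that a dropped file name reaches the program as one argv element and is never interpreted by a shell. The sample entry, the name `build_argv`, and the use of `shlex` as an approximation of the Desktop Entry quoting rules are assumptions; only whole-token %f, %F, %u, %U and the literal %% are handled.

```python
import configparser
import shlex

# Constructed sample entry, not taken from the thread.
SAMPLE = """[Desktop Entry]
Type=Application
Name=Viewer
Exec=viewer --open %F
"""

# Field codes that receive dropped files/URLs; value is True if the code
# accepts a list, False if it accepts a single item.
FILE_CODES = {"%f": False, "%F": True, "%u": False, "%U": True}


def build_argv(desktop_text, dropped):
    """Return the argv list for launching the entry with `dropped` paths."""
    parser = configparser.ConfigParser(interpolation=None, strict=True)
    parser.optionxform = str  # keys in .desktop files are case-sensitive
    parser.read_string(desktop_text)
    exec_line = parser["Desktop Entry"]["Exec"]

    argv = []
    for token in shlex.split(exec_line):  # assumption: approximates spec quoting
        if token in FILE_CODES:
            # Each dropped path becomes exactly one argument, whatever
            # characters it contains; no code means nothing is appended.
            argv.extend(dropped if FILE_CODES[token] else dropped[:1])
        elif "%" in token.replace("%%", ""):
            # Unknown or embedded field code: refuse rather than guess.
            raise ValueError(f"unsupported field code in {token!r}")
        else:
            argv.append(token.replace("%%", "%"))
    if not argv:
        raise ValueError("empty Exec line")
    return argv


if __name__ == "__main__":
    # Constructed file names with shell metacharacters in them.
    print(build_argv(SAMPLE, ["/tmp/a b.txt", "/tmp/notes; echo hi.txt"]))
```

The resulting list is meant to be passed to an exec-style call such as `subprocess.run(argv, shell=False)`, so the metacharacters in a file name stay inert.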