Security issue with .desktop files revisited

Ludwig Nussel ludwig.nussel at suse.de
Wed Mar 29 11:21:27 EEST 2006


On Tuesday 28 March 2006 20:18, Thiago Macieira wrote:
> Ludwig Nussel wrote:
> >I wonder why desktop files get 'executed' at all. Only the programs
> >that display the desktop and the menu need to run what's described
> >in a desktop file. For everything else the default action could be
> >just like the one for text/plain, ie launch an editor.
> 
> The desktop and the file manager are usually the same backend. And if you 
> were to browse to ~/Desktop in your filemanager, wouldn't you want to be 
> able to click on your shortcuts?

~/Desktop is not what's displayed as desktop. The desktop is (or
could be) an overlay of multiple directories. So ~/Desktop is just a
directory like any other directory, it just happens to be the place
where the user specific part of the desktop is stored in the
filesystem. Same applies to the files for the menu.
~/.local/share/applications is not what I see in the menu. So IMO
it's fine to open a text editor when clicking on a file in
~/.local/share/application|~/Desktop but launch the application when
clicking on the representation of the same file in the menu or on
the desktop.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/










More information about the xdg mailing list