executable .desktop files

Egon Kocjan egon at krul.ath.cx
Thu Aug 21 16:39:22 PDT 2008

Thiago Macieira wrote:
> Egon Kocjan wrote:
>> Sure. If I'm not mistaken, there's no other solution, that gives you
>> instant double-clickable executables on standard gnome/kde/xfce
>> desktops.
> That's intentional.
> Users should have to turn something into executable before it's allowed to 
> continue.
> Self-packed .desktop files are a security risk (raised more than two years 
> ago) and should be fixed. Especially since .desktop can change its own 
> icon and masquerade as an innocuous JPEG file, for instance.

What is the right way to ship instant software to non-technical users 
then? All I can think of are similarly exploitable ways (putting +x 
binaries into zips - the user didn't make them executable himself).

More information about the xdg mailing list