executable .desktop files
Egon Kocjan
egon at krul.ath.cx
Thu Aug 21 16:39:22 PDT 2008
Thiago Macieira wrote:
> Egon Kocjan wrote:
>> Sure. If I'm not mistaken, there's no other solution, that gives you
>> instant double-clickable executables on standard gnome/kde/xfce
>> desktops.
>
> That's intentional.
>
> Users should have to turn something into executable before it's allowed to
> continue.
>
> Self-packed .desktop files are a security risk (raised more than two years
> ago) and should be fixed. Especially since .desktop can change its own
> icon and masquerade as an innocuous JPEG file, for instance.
What is the right way to ship instant software to non-technical users
then? All I can think of are similarly exploitable ways (putting +x
binaries into zips - the user didn't make them executable himself).
More information about the xdg
mailing list