executable .desktop files

Egon Kocjan egon at krul.ath.cx
Fri Aug 22 01:46:16 PDT 2008


Thiago Macieira wrote:
> Egon Kocjan wrote:
>> Thiago Macieira wrote:
>>> Users should have to turn something into executable before it's
>>> allowed to continue.
>>>
>>> Self-packed .desktop files are a security risk (raised more than two
>>> years ago) and should be fixed. Especially since .desktop can change
>>> its own icon and masquerade as an innocuous JPEG file, for instance.
>> What is the right way to ship instant software to non-technical users
>> then? All I can think of are similarly exploitable ways (putting +x
>> binaries into zips - the user didn't make them executable himself).
> 
> Right, but users extracted the contents explicitly. And unzip applications 
> can also warn that executables are being created, if necessary. The point 
> is that there are two actions to be taken in order to execute something, 
> thereby making an accidental click much harder to happen.
>
> So, the solution for instant software is the same: find a two-step action 
> (no one-click solutions) and that would be fine.

I hope that such two-step procedure will be soon described in a standard 
and supported by implementations, at least before the distros decide to 
break Exec=... desktop files ;)

For example, Mac web browsers recognize application.app directory 
structure, even if it's packed in a .dmg or .zip. When the user clicks 
the application link on the web site, the web browser will react 
accordingly and inform the user, that he's trying to download an 
application. Safari will also automatically mount/unpack the application 
after the warning dialog (I'm not 100% sure about firefox).

The question is, do oss desktops wish to support instant applications at 
all? Is Mac OS X behaviour acceptable? Was there any consensus reached 
at some point?

> This also includes 
> making sure there's an interpreter already installed in the system: then 
> you can make use of a .desktop or a MIME type to load with a single click 
> (the first step was installing the interpreter).

Yes, if we're talking about document oriented applications. Klik on the 
other hand adds a new type of executables (.cmg) to the system. It seems 
to me, that they were forced into "subverting" the system to provide 
application bundles.


More information about the xdg mailing list