.desktop file security

Alexander Larsson alexl at redhat.com
Tue Feb 24 04:46:16 PST 2009


On Tue, 2009-02-24 at 12:40 +0000, Simon McVittie wrote:
> On Tue, 24 Feb 2009 at 13:29:05 +0100, Alexander Larsson wrote:
> > On Tue, 2009-02-24 at 11:13 +0000, John Tapsell wrote:
> > > It's dangerous not to.  If it's marked as executable, and you execute
> > > it, it will try to be parsed by bash.  Most of the time this will just
> > > generate lots of "file not found" errors as bash tries to understand
> > > it, but it seems pretty dangerous to rely on this!
> > 
> > Really, even if there is no #!/bin/sh ? How does it know to pick bash as
> > the interpreter for files like this?
> 
> More accurately, /bin/sh will try to parse it (executable files that
> have no #! and no magic number recognised by the kernel are executed with
> /bin/sh). /bin/sh happens to be bash on most distributions, at least by
> default (but is dash on Ubuntu and on some Debian systems).

Ok, that sounds like a bad idea then. If we have to put in anything I
guess xdg-open is as good as it goes.




More information about the xdg mailing list