.desktop file security

Alexander Larsson alexl at redhat.com
Tue Feb 24 08:20:07 PST 2009


On Tue, 2009-02-24 at 16:45 +0100, Patryk Zawadzki wrote:
> On Tue, Feb 24, 2009 at 3:23 PM, Thiago Macieira <thiago at kde.org> wrote:
> > On Tuesday 24 February 2009, at 15:05:04, Patryk Zawadzki wrote:
> >> What comes to mind is why would we want to use the executable bit for
> >> non-executable files? I don't want my shell to tab-complete commands
> >> that are not executable, be it .desktop, .mp3 or .foobar. If we
> >> absolutely need to use the +x flag, use it only if extended attrs are
> >> not provided or not available.
> > .desktop files of Type=Application are executable. We just need a suitable
> > loader for them.
> 
> For the record: even if we require this specific file type to be
> executable AND provide a binfmt launcher (please don't add the
> xdg-open shebang, it's an ugly workaround), it still does not solve
> much in "the big picture". It's still perfectly possible to create a
> desktop file, mark it as executable then archive it and send it to
> your friend (naming it pr0n.tar.gz).

Then they could as well just zip up a normal executable and name it
something like "porn.jpeg ". At this level of behaviour it's not really
something you can protect against.



