.desktop file security

Michael Pyne mpyne at purinchu.net
Tue Feb 24 17:11:45 PST 2009


On Tuesday 24 February 2009, Patryk Zawadzki wrote:
> On Tue, Feb 24, 2009 at 5:20 PM, Alexander Larsson <alexl at redhat.com> wrote:
> > On Tue, 2009-02-24 at 16:45 +0100, Patryk Zawadzki wrote:
> >> For the record: even if we require this specific file type to be
> >> executable AND provide a binfmt launcher (please don't add the
> >> xdg-open shebang, it's an ugly workaround), it still does not solve
> >> much in "the big picture". It's still perfectly possible to create a
> >> desktop file, mark it as executable then archive it and send it to
> >> your friend (naming it pr0n.tar.gz).
> >
> > Then they could as well just zip up a normal executable and name it
> > something like "porn.jpeg ". At this level of behaviour it's not really
> > something you can protect against.
>
> It's much harder to pull off when you can't get the porn.jpeg file to
> display a generic JPEG icon. A desktop file allows you to fake both
> name and icon (also automatically translating the name according to
> user's locale!).

And yet it's more than we have now.  If we think of a better way afterwards 
it's no harm to implement it then.

Regards,
 - Michael Pyne
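
A defender-side sketch of the two points argued in this message, added here and not part of the original post or of any xdg implementation: it reports whether a launcher would pass the executable-bit rule and whether its Name, localised Name[xx] or Icon imitate a document. The extension and icon-prefix lists, the finding strings and the sample entry are constructed assumptions.

```python
import configparser
import os
import tempfile

# Assumed heuristics, not taken from the thread: what makes a launcher look like a document.
DOC_EXTS = (".jpeg", ".jpg", ".png", ".pdf", ".txt")
DOC_ICON_PREFIXES = ("image-", "text-", "video-", "audio-")

# Constructed sample: a launcher dressed up as a picture, with a translated name.
SAMPLE = """[Desktop Entry]
Type=Application
Name=holiday.jpeg
Name[de]=urlaub.jpeg
Icon=image-x-generic
Exec=/usr/bin/true
"""

def audit_desktop_file(path):
    """Return findings for one .desktop file; an empty list means nothing was flagged."""
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#",), strict=False)
    cp.optionxform = str  # keys are case-sensitive (Name, Name[de], Exec)
    cp.read(path, encoding="utf-8")
    if not cp.has_section("Desktop Entry"):
        return []
    entry = cp["Desktop Entry"]
    if entry.get("Type") != "Application" or "Exec" not in entry:
        return []  # nothing here is run on activation
    findings = []
    if os.stat(path).st_mode & 0o111:
        findings.append("exec-bit-set")      # passes the executable-bit rule
    else:
        findings.append("exec-bit-missing")  # that rule would refuse to launch it
    for key, value in entry.items():
        if (key == "Name" or key.startswith("Name[")) and value.lower().endswith(DOC_EXTS):
            findings.append(f"document-like {key}={value}")
    if entry.get("Icon", "").startswith(DOC_ICON_PREFIXES):
        findings.append("document-like Icon=" + entry["Icon"])
    return findings

def audit_sample(executable):
    """Write SAMPLE to a temp file with or without the executable bit and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.desktop")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o755 if executable else 0o644)
        return audit_desktop_file(path)

if __name__ == "__main__":
    for finding in audit_sample(executable=True):
        print(finding)
```

Run over the contents of an unpacked archive, the combination of `exec-bit-set` with any document-like finding is the case the quoted reply describes, since tar preserves the mode bits.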