.desktop file security
Patryk Zawadzki
patrys at pld-linux.org
Wed Feb 25 01:27:17 PST 2009
On Wed, Feb 25, 2009 at 10:10 AM, John Tapsell <johnflux at gmail.com> wrote:
> Are you suggesting some sort of collaborative situation where you want
> some people to trust the .desktop file and others not? I can't even
> imagine such a situation.
No, I'm suggesting a situation where you have to sometimes work with
files you don't own. Imagine me being evil and creating a file in the
middle of a source tree:
[Desktop Entry]
Name=fixme.c
Icon=text-x-generic
Terminal=false
Type=Application
Exec=some-evil-password-sniffer
I can certainly mark the file as executable by you but that does not
make it a trusted one.
--
Patryk Zawadzki
More information about the xdg
mailing list