.desktop file security

Patryk Zawadzki patrys at pld-linux.org
Wed Feb 25 01:27:17 PST 2009


On Wed, Feb 25, 2009 at 10:10 AM, John Tapsell <johnflux at gmail.com> wrote:
> Are you suggesting some sort of collaborative situation where you want
> some people to trust the .desktop file and others not?   I can't even
> imagine such a situation.

No, I'm suggesting a situation where you have to sometimes work with
files you don't own. Imagine me being evil and creating a file in the
middle of a source tree:

[Desktop Entry]
Name=fixme.c
Icon=text-x-generic
Terminal=false
Type=Application
Exec=some-evil-password-sniffer

I can certainly mark the file as executable by you but that does not
make it a trusted one.

-- 
Patryk Zawadzki


More information about the xdg mailing list