Free desktop application distribution and installation
maandree at member.fsf.org
Mon Dec 8 15:59:41 PST 2014
On Tue, 9 Dec 2014 00:38:30 +0100
Matthias Klumpp <matthias at tenstral.net> wrote:
> This actually has some security implications, e.g. a
> malicious software can taint the other applications and
> use them to hide itself.
Provided that we are talking about applications:
* Unless you require root they can always so this.
* They can always taint ~/.local, and personally I
have ~/.local/bin in my $PATH.
* If your require root they can set setuid, and
> once kdbus is merged into the kernel (and
> large chunks of data can be transmitted via it), we get
> something which is able to perform these tasks.
Would by mind clarifying what you are talking about?
More information about the xdg