Free desktop application distribution and installation

Mattias Andrée maandree at
Mon Dec 8 15:59:41 PST 2014

On Tue, 9 Dec 2014 00:38:30 +0100
Matthias Klumpp <matthias at> wrote:

> This actually has some security implications, e.g. a
> malicious software can taint the other applications and
> use them to hide itself.

Provided that we are talking about applications:

* Unless you require root they can always so this.

* They can always taint ~/.local, and personally I
  have ~/.local/bin in my $PATH.

* If your require root they can set setuid, and
  taint everything.

> once kdbus is merged into the kernel (and
> large chunks of data can be transmitted via it), we get
> something which is able to perform these tasks.

Would by mind clarifying what you are talking about?

More information about the xdg mailing list