[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: requiring .desktop files to be executable ?
From: David Faure <faure () kde ! org>
Date: 2009-02-13 10:56:32
Message-ID: 200902131156.33778.faure () kde ! org
[Download RAW message or body]
On Wednesday 11 February 2009, Alexander Neundorf wrote:
> Hi,
>
> here's an article and comments about potential security problems
> with "executing" .desktop files although they are not executable:
> http://lwn.net/Articles/318755/
>
> Should we do something about it ?
Yes, I think so.
Re-reading the 2006 xorg discussion about it:
http://archive.netbsd.se/?ml=xorg-xdg&a=2006-03&t=2724527
it seems to me that the KDE developers involved in the discussion
were in favour of requiring +x for desktop files, but Rodney Dawes
(gnome) was not...
Kevin Ottens and I had the idea of doing this slightly differently btw:
we could require +x when the desktop file is not in a standard
directory for desktop files. This would allow to catch "save this file
in your home or on your desktop" without breaking all the desktop files
already distributed with applications.
--
David Faure, faure@kde.org, sponsored by Qt Software @ Nokia to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic