From kde-core-devel  Sat Feb 21 19:14:31 2009
From: Michael Pyne <mpyne () purinchu ! net>
Date: Sat, 21 Feb 2009 19:14:31 +0000
To: kde-core-devel
Subject: Re: Update on progress [PATCH]
Message-Id: <200902211414.32600.mpyne () purinchu ! net>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123524372921065
MIME-Version: 1
Content-Type: multipart/mixed; boundary="--nextPart4631794.RicpOlH8Pl"

--nextPart4631794.RicpOlH8Pl
Content-Type: multipart/alternative;
  boundary="Boundary-01=_YKFoJzryeXCjpmL"
Content-Transfer-Encoding: 7bit

--Boundary-01=_YKFoJzryeXCjpmL
Content-Type: text/plain;
  charset="utf-8"
Content-Transfer-Encoding: quoted-printable

On Saturday 21 February 2009, John Tapsell wrote:
> In the screenshot, the text service 'mileage tracker' comes from the
> untrusted .desktop file itself right?  So couldn't the malicious
> .desktop file put any service name?  Such as "system.  This is a vital
> service - so you must click continue or risk breaking your system."

Yes.  Hmm, every part of the .desktop file is untrusted, including the=20
filename.  I wonder what makes sense to put instead, if anything.  I'd rath=
er=20
not leave the dialog completely devoid of a clue as to what the service is.=
 =20
(We will have the Exec=3D line once I get the Details button to work)

Regards,
 - Michael Pyne

--Boundary-01=_YKFoJzryeXCjpmL
Content-Type: text/html;
  charset="utf-8"
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3.org/TR/REC-html40/strict.dtd"><html><head><meta name="qrichtext" content="1" /><style type="text/css">p, li { white-space: pre-wrap; }</style></head><body style=" font-family:'Droid Sans Mono'; font-size:10pt; font-weight:400; font-style:normal;">On Saturday 21 February 2009, John Tapsell wrote:<br>
&gt; In the screenshot, the text service 'mileage tracker' comes from the<br>
&gt; untrusted .desktop file itself right?  So couldn't the malicious<br>
&gt; .desktop file put any service name?  Such as "system.  This is a vital<br>
&gt; service - so you must click continue or risk breaking your system."<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Yes.  Hmm, every part of the .desktop file is untrusted, including the filename.  I wonder what makes sense to put instead, if anything.  I'd rather not leave the dialog completely devoid of a clue as to what the service is.  (We will have the Exec= line once I get the Details button to work)<br>
<p style="-qt-paragraph-type:empty; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px; -qt-user-state:0;"><br></p>Regards,<br>
 - Michael Pyne</p></body></html>
--Boundary-01=_YKFoJzryeXCjpmL--

--nextPart4631794.RicpOlH8Pl
Content-Type: application/pgp-signature; name=signature.asc 
Content-Description: This is a digitally signed message part.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEABECAAYFAkmgUpgACgkQqjQYp5Omm0rTAgCfcGC3cg6ttvmJCh1LGd/y8P3b
aRwAoM2VtbTwPdIindDepGI/u1/GHvkH
=ye8Q
-----END PGP SIGNATURE-----

--nextPart4631794.RicpOlH8Pl--