[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: requiring .desktop files to be executable ?
From:       Roland Harnau <truthandprogress () googlemail ! com>
Date:       2009-02-22 6:09:07
Message-ID: 476f836a0902212209k7a06cf42y83327217f52d4e74 () mail ! gmail ! com
[Download RAW message or body]

2009/2/11 Alexander Neundorf <neundorf@kde.org>:
> here's an article and comments about potential security problems
> with "executing" .desktop files although they are not executable:
> http://lwn.net/Articles/318755/

Perhaps I'm a bit late, but I think the whole idea is rather dubious.
A .desktop file is executable if and only if it contains a (vaild)
Exec key, and according to the Desktop Entry Specification this key is
not required (e.g. .desktop files for Plasmoids do not contain them).
They simply don't fit in the classical UNIX permission scheme.

Roland
[prev in list] [next in list] [prev in thread] [next in thread]