--nextPart3739365.TR9Y6PFBOV Content-Type: multipart/alternative; boundary="Boundary-01=_IBdoJk4ElUCIn5h" Content-Transfer-Encoding: 7bit --Boundary-01=_IBdoJk4ElUCIn5h Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable On Sunday 22 February 2009, Andras Mantia wrote: > On Sunday 22 February 2009, Michael Pyne wrote: > > Michael Jansen reports that autostart needs an exception too. > > Well, we agreed with David Faure that it is not a good idea to have > there an exception, as that is a user writable folder and the malicious > website might say "save me in the autostart folder". ;) And I don't see > a need to make it an exemption, rather the systemsettings module should > make it executable when copies the .desktop file in the autostart folder. "apps", "services", and "xdgdata-apps" are all writable by the user in this= =20 situation (a KDE install to $HOME), so checking the prefix doesn't change=20 anything with regard to security, as the malicious website may say to "save= me=20 in `kde4-config --install apps`. The reason I didn't notice in my own setup is that I use sudo to install to= =20 make the kscreensaver_lock work. Regards, - Michael Pyne --Boundary-01=_IBdoJk4ElUCIn5h Content-Type: text/html; charset="iso-8859-15" Content-Transfer-Encoding: 7bit
On Sunday 22 February 2009, Andras Mantia wrote: