From kde-core-devel  Mon Feb 23 06:55:34 2009
From: Roland Harnau <truthandprogress () googlemail ! com>
Date: Mon, 23 Feb 2009 06:55:34 +0000
To: kde-core-devel
Subject: Re: requiring .desktop files to be executable ?
Message-Id: <476f836a0902222255h76ece4do7928f54c80028250 () mail ! gmail ! com>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=123537217012549

2009/2/22, Michael Pyne <mpyne@purinchu.net>:
> On Sunday 22 February 2009, Roland Harnau wrote:

>> Perhaps I'm a bit late, but I think the whole idea is rather dubious.
>> A .desktop file is executable if and only if it contains a (vaild)
>> Exec key, and according to the Desktop Entry Specification this key is
>> not required (e.g. .desktop files for Plasmoids do not contain them).
>> They simply don't fit in the classical UNIX permission scheme.
>
> The subset of .desktop files with a valid Exec= key on the other hand
> certainly should fit within that scheme however.

Sure, and if your shoes don't fit you can chop off  toes and heels  to
make them fit.
Your commit addresses the direct security threat, but the question
remains in what way should the spec be extended. Requiring .desktop
files to have  executable bit and shebang line dependent on an
optional key will for sure cause some inconsinstencies.  Are there
valid use cases for executable .desktop files  in non-standard
locations at all? If the prototypical user  starts applications via
dedicated application launchers (Kickoff or KRunner) or the CLI these
files  could be treated as simple text files.


Roland