On Sunday 22 February 2009, Michael Pyne wrote:
> On Sunday 22 February 2009, Andras Mantia wrote:
> > On Sunday 22 February 2009, Michael Pyne wrote:
> > > Michael Jansen reports that autostart needs an exception too.
> >
> > Well, we agreed with David Faure that it is not a good idea to have
> > there an exception, as that is a user writable folder and the malicious
> > website might say "save me in the autostart folder". ;) And I don't see
> > a need to make it an exemption, rather the systemsettings module should
> > make it executable when it copies the .desktop file in the autostart folder.
>
> "apps", "services", and "xdgdata-apps" are all writable by the user in this
> situation (a KDE install to $HOME)

No, they are _always_ writable by the user.
xdgdata-apps includes ~/.local/share/applications.

If your revised patch warns when starting desktop files from there, then we need to change KOpenWithDialog to +x desktop files too, when checking "remember this application" and it creates a desktop file... I was assuming we didn't want to do that though, and that we accepted ~/.local/share/applications/ in the whitelist.

OK, I agree that Autostart is rather similar (it's just a bit less hidden), so I'm ok with whitelisting both. The trojan case will most likely not be saved in either one of these dirs, if the user thinks it's not a desktop file in the first place.

> , so checking the prefix doesn't change
> anything with regard to security, as the malicious website may say to "save me
> in `kde4-config --install apps`.

Well, that would seem utterly suspicious too :-) (yes just like Autostart, so I'm changing my mind about that one).
A website that asks you to save a document into a very specific place should come up as suspicious to anyone; if it doesn't to someone (for lack of understanding), then an extra warning isn't going to help anyway...

> On that note it would be nice to have an official public API in KStandardDirs
> for figuring out where KDE was installed to.

No. It's not there, on purpose. Because there is actually no such notion. Distributions can install KDE into /usr and have config in /etc and have other things in other dirs. This is exactly why KStandardDirs exists: to add a layer between apps and "the kde install dir" in order to support such things.

-- 
David Faure, faure@kde.org, sponsored by Qt Software @ Nokia to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
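The policy discussed in this thread, as an added sketch that is neither KDE's code nor the patch under review: it assumes a .desktop file is accepted without a warning when it lives in a whitelisted directory or carries the execute bit, and triggers a warning otherwise. The function names, the `autostart` and `Downloads` directories and the sample files are constructed for the illustration; only `~/.local/share/applications` comes from the message.

```python
import os
import stat
import tempfile

def classify_desktop_file(path, whitelist_dirs):
    """Return 'whitelisted', 'executable' or 'warn' for a .desktop file."""
    # Resolve symlinks and ".." first so the prefix test sees the real location.
    real = os.path.realpath(path)
    for d in whitelist_dirs:
        root = os.path.realpath(d)
        if os.path.commonpath([real, root]) == root:
            return "whitelisted"
    # Outside the whitelist, the owner's execute bit marks deliberate trust.
    if os.stat(real).st_mode & stat.S_IXUSR:
        return "executable"
    return "warn"

def build_demo_home():
    """Create a constructed $HOME layout; return (home, whitelist)."""
    home = tempfile.mkdtemp(prefix="desktop-trust-")
    apps = os.path.join(home, ".local", "share", "applications")
    autostart = os.path.join(home, "autostart")   # constructed path
    downloads = os.path.join(home, "Downloads")   # constructed path
    for d in (apps, autostart, downloads):
        os.makedirs(d)
    samples = [os.path.join(apps, "editor.desktop"),
               os.path.join(autostart, "agent.desktop"),
               os.path.join(downloads, "photo.desktop"),
               os.path.join(downloads, "tool.desktop")]
    for name in samples:
        with open(name, "w") as f:
            f.write("[Desktop Entry]\nType=Application\nExec=true\n")
        os.chmod(name, 0o644)
    # Only this file outside the whitelist has been marked +x.
    os.chmod(os.path.join(downloads, "tool.desktop"), 0o755)
    return home, [apps, autostart]

if __name__ == "__main__":
    home, whitelist = build_demo_home()
    # A path that starts inside the whitelist but climbs back out of it.
    sneaky = os.path.join(whitelist[0], "..", "..", "..",
                          "Downloads", "photo.desktop")
    for p in (os.path.join(whitelist[0], "editor.desktop"),
              os.path.join(home, "Downloads", "photo.desktop"),
              os.path.join(home, "Downloads", "tool.desktop"),
              sneaky):
        print(classify_desktop_file(p, whitelist), p)
```

The last path shows why a prefix check has to run on the resolved path: the string begins with the whitelisted directory, yet the file it names is in `Downloads`.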