requiring .desktop files to be executable ?

Kevin Ottens ervin at kde.org
Fri Feb 13 18:08:11 GMT 2009


On Friday 13 February 2009 12:28:14 Andras Mantia wrote:
> On Friday 13 February 2009, David Faure wrote:
> > Kevin Ottens and I had the idea of doing this slightly differently
> > btw: we could require +x when the desktop file is not in a standard
> > directory for desktop files. This would allow to catch "save this
> > file in your home or on your desktop" without breaking all the
> > desktop files already distributed with applications.
>
> I'd say to be consistent, and require that every desktop file needs to
> have the exec bit set. [...]
>  The real problem anyway is the upgrade path after this change is
> introduced. [...]

Hence why requiring the +x bit everywhere would be shortsighted. Requiring it 
only in non standard places is a much much better upgrade path IMO. You can 
keep it this way and be backward compatible. This way you can wait until the 
standard is changed *and* most software are following it before making the +x 
bit mandatory everywhere.

@David: But honestly reusing the small mimetype trick we discussed yesterday 
to identify the desktop files which try to fool the user has my preference. 
Moreover this way it'd avoid potential malware even if they have the +x bit 
(after all could have been copied via fish:// for instance which keeps this 
bit if I'm not mistaken). It's harder to do it right though.

Regards.
-- 
Kévin 'ervin' Ottens, http://ervin.ipsquad.net
"Ni le maître sans disciple, Ni le disciple sans maître,
Ne font reculer l'ignorance."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090213/330920b7/attachment.sig>


More information about the kde-core-devel mailing list