Update on progress [PATCH]
Michael Pyne
mpyne at purinchu.net
Sat Feb 21 19:14:31 GMT 2009
On Saturday 21 February 2009, John Tapsell wrote:
> In the screenshot, the text service 'mileage tracker' comes from the
> untrusted .desktop file itself right? So couldn't the malicious
> .desktop file put any service name? Such as "system. This is a vital
> service - so you must click continue or risk breaking your system."
Yes. Hmm, every part of the .desktop file is untrusted, including the
filename. I wonder what makes sense to put instead, if anything. I'd rather
not leave the dialog completely devoid of a clue as to what the service is.
(We will have the Exec= line once I get the Details button to work)
Regards,
- Michael Pyne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/21f65dd9/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090221/21f65dd9/attachment.sig>
More information about the kde-core-devel
mailing list