requiring .desktop files to be executable ?
Roland Harnau
truthandprogress at googlemail.com
Sun Feb 22 06:09:07 GMT 2009
2009/2/11 Alexander Neundorf <neundorf at kde.org>:
> here's an article and comments about potential security problems
> with "executing" .desktop files although they are not executable:
> http://lwn.net/Articles/318755/
Perhaps I'm a bit late, but I think the whole idea is rather dubious.
A .desktop file is executable if and only if it contains a (vaild)
Exec key, and according to the Desktop Entry Specification this key is
not required (e.g. .desktop files for Plasmoids do not contain them).
They simply don't fit in the classical UNIX permission scheme.
Roland
More information about the kde-core-devel
mailing list