[PATCH] .desktop security ++
Michael Pyne
mpyne at purinchu.net
Sun Feb 22 16:15:58 GMT 2009
On Sunday 22 February 2009, Randy Kramer wrote:
> What is the security concern that prompts the suggestion to open the
> property dialog in the first 10 minutes after creating it? Is it a
> concern that some unauthorized person walks up to a PC, installs
> something insecure and then proceeds to use it?
I just figure that if we're worried about the scenario where someone is
tricking into opening a trojan .desktop file, the creation time is the only
bit of meta-data on the file which can't be controlled by the attacker, and
users who have had their own launchers would presumably have taken more than
10 minutes to upgrade from 4.2. Just a thought is all.
Regards,
- Michael Pyne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090222/7bb551c1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20090222/7bb551c1/attachment.sig>
More information about the kde-core-devel
mailing list