requiring .desktop files to be executable ?
Roland Harnau
truthandprogress at googlemail.com
Mon Feb 23 06:55:34 GMT 2009
2009/2/22, Michael Pyne <mpyne at purinchu.net>:
> On Sunday 22 February 2009, Roland Harnau wrote:
>> Perhaps I'm a bit late, but I think the whole idea is rather dubious.
>> A .desktop file is executable if and only if it contains a (vaild)
>> Exec key, and according to the Desktop Entry Specification this key is
>> not required (e.g. .desktop files for Plasmoids do not contain them).
>> They simply don't fit in the classical UNIX permission scheme.
>
> The subset of .desktop files with a valid Exec= key on the other hand
> certainly should fit within that scheme however.
Sure, and if your shoes don't fit you can chop off toes and heels to
make them fit.
Your commit addresses the direct security threat, but the question
remains in what way should the spec be extended. Requiring .desktop
files to have executable bit and shebang line dependent on an
optional key will for sure cause some inconsinstencies. Are there
valid use cases for executable .desktop files in non-standard
locations at all? If the prototypical user starts applications via
dedicated application launchers (Kickoff or KRunner) or the CLI these
files could be treated as simple text files.
Roland
More information about the kde-core-devel
mailing list