requiring .desktop files to be executable ?
Roland Harnau
truthandprogress at googlemail.com
Tue Feb 24 22:53:11 GMT 2009
2009/2/23, David Faure <faure at kde.org>:
> On Monday 23 February 2009, Roland Harnau wrote:
>> Your commit addresses the direct security threat, but the question
>> remains in what way should the spec be extended. Requiring .desktop
>> files to have executable bit and shebang line dependent on an
>> optional key will for sure cause some inconsinstencies.
>
> It's not about the optional key Exec, it's about Type=Application desktop
> files. Ok that key is optional too, but Application is the default value. There are
> only a few kinds of desktop files, this security thing is about the Application
> kind. The plasma desktop files you are talking about are Type=Service desktop
> files, so those are completely unrelated to this (they certainly never end up in
> klauncher or KRun anyway).
Desktop files with Type=Service are not related to the
Type=Application (which should imply the Exec key) the ones by this
security issue, but they are clearly of the same file type. Setting
the executable bit not by file type but by some internal criteria
leads some oddities especially in the migration phase, e.g. a .desktop
file without exec bit can be
(1) not of Type=Application
(2) legacy with Type=Application
(3) possible harmful with Type=Application
and it is not easily possible to keep them apart, at least not
without parsing and applying some complex logic in the lines of what
Michael did.
> I don't see what the problem is.
>
>> Are there valid use cases for executable .desktop files in non-standard
>> locations at all?
>
> Yes, of course: .desktop files on your desktop for starting apps.
> You know, the way Windows users start all their apps :-)
Yes, but this usage is somewhat discouraged by the standard UI and
perhaps only an issue if folderview is used as desktop containment.
The Desktop folder is itself poses a problem because it is not only
used as location where several apps install their .desktop files, it
is also used as standard download folder (e.g. by Firefox). So, what
is worse - to remove this option completely or to nag the user to
death by a series of message box attacks?
Roland
More information about the kde-core-devel
mailing list