Trusting .desktop files
Sebastian Kügler
sebas at kde.org
Sat Feb 11 15:34:54 UTC 2017
On Saturday, February 11, 2017 7:24:11 AM UTC Martin Gräßlin wrote:
> What I don't like in general is that this is all happening as $user.
> Thus any malicious program running as $user can also just change the
> list of trusted Exec= values.
>
> So my suggestion is: let's use polkit.
>
> The list of trusted .desktop files must be root owned and per user.
> Every time a user asks for executing a not known (or changed) desktop
> file, it goes through polkit. To detect changes of the desktop file I
> would suggest to store the shasum of the desktop file in addition. This
> would prevent malicious programs from just changing the desktop file.
>
> What do you think? Sensible? Too much?
I like the approach, though it does sound a bit like overkill. But then, going
the extra mile to improve security is right within our mission, so I think the
approach is feasible, as it provides a lot of value for what we regard as our
core competence.
I can imagine this mechanism to be useful for other things as well, such as
scripts, binaries and such that are user-writable.
--
sebas
http://www.kde.org • http://vizZzion.org
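The check the thread sketches, written out as an added example (this is not KDE code and nothing from the mailing list): a trust record holds the .desktop file's SHA-256 digest and its Exec= value, a launch is classified as trusted, changed or unknown, and a separate helper checks the property Martin asks for, that the store itself is root-owned and not writable by group or others, so a process running as $user cannot edit it. The sample .desktop contents, the in-memory store layout and all function names are constructed for the example; the polkit authorization step for unknown or changed files is deliberately left out.

```python
import hashlib
import stat
import configparser
from typing import Optional

# Constructed sample .desktop file and path; not taken from the thread.
SAMPLE_PATH = "/home/user/Desktop/example.desktop"
SAMPLE_DESKTOP = """[Desktop Entry]
Type=Application
Name=Example Tool
Exec=/usr/bin/example-tool --open %U
Terminal=false
"""


def exec_line(desktop_text: str) -> Optional[str]:
    """Return the Exec= value of a .desktop file, or None if it has none."""
    # interpolation=None keeps field codes such as %U literal; .desktop keys
    # are case-sensitive, so do not let configparser lowercase them.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str
    parser.read_string(desktop_text)
    if not parser.has_section("Desktop Entry"):
        return None
    return parser["Desktop Entry"].get("Exec")


def digest(desktop_text: str) -> str:
    """SHA-256 of the whole file, the 'shasum' the thread proposes storing."""
    return hashlib.sha256(desktop_text.encode("utf-8")).hexdigest()


def record_trust(store: dict, path: str, desktop_text: str) -> dict:
    """Hypothetical in-memory model of the root-owned, per-user trust list.

    In a real deployment this write would happen only after the polkit
    authorization succeeded, and under a uid the user does not control.
    """
    store[path] = {"sha256": digest(desktop_text), "exec": exec_line(desktop_text)}
    return store


def check_desktop(store: dict, path: str, desktop_text: str) -> str:
    """Classify a .desktop file before launching it.

    'trusted' -> recorded and byte-for-byte unchanged
    'changed' -> recorded, but the digest no longer matches (treat as unknown)
    'unknown' -> never authorized; this is the case the thread routes via polkit
    """
    entry = store.get(path)
    if entry is None:
        return "unknown"
    if entry["sha256"] != digest(desktop_text):
        return "changed"
    return "trusted"


def store_is_protected(st_uid: int, st_mode: int) -> bool:
    """True if the trust-store file is root-owned and not group/other-writable.

    Pass os.stat(path).st_uid and .st_mode; kept as plain ints here so the
    check can be exercised without a real file.
    """
    return st_uid == 0 and not (st_mode & (stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    store = {}
    print(check_desktop(store, SAMPLE_PATH, SAMPLE_DESKTOP))  # unknown
    record_trust(store, SAMPLE_PATH, SAMPLE_DESKTOP)
    print(check_desktop(store, SAMPLE_PATH, SAMPLE_DESKTOP))  # trusted
    # Any edit to the file, Exec= or otherwise, invalidates the record.
    edited = SAMPLE_DESKTOP.replace("/usr/bin/example-tool", "/tmp/replaced-tool")
    print(check_desktop(store, SAMPLE_PATH, edited))  # changed
```

Hashing the whole file rather than only the Exec= line is what makes the "changed" verdict reliable: a modification to any key (Path=, TryExec=, a localized Name=) is caught, and the stored Exec= value is kept only for display in the authorization prompt.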