[kde-linux] Program Warning Messages
1i5t5.duncan at cox.net
Tue Mar 23 04:22:48 UTC 2010
Kevin Krammer posted on Mon, 22 Mar 2010 20:59:31 +0100 as excerpted:
> On Monday, 2010-03-22, David Baron wrote:
>> I finally got my daughter's account going in kde4.4. Copied her .kde3
>> .kde and loggod on. Eventually, she had a desktop. Set her up with the
>> desktop folder containment and all her icons are there.
>> Whenever she clicks one, say to play the selected game, a box comes up
>> confirming whether the selected program can be trusted. I never say
>> this on any other user, kde3, kde4, nothing.
>> How do I get rid of this?
> I think this is an additional security measure  when .desktop files
> are "run" but don't have the executable bit set.
> So this should be solvable by changing these files' properties to have
> the "x" bit set.
>  there has been a lengthy discussion around this topic on the main
> freedesktop.org list some time ago.
> Basically the problem is that .desktop files were originally intended to
> be used by starter menu implementation and then got used for desktop
> icons/links as well due to the similar requirements.
> Unfortunately "running" .desktop files did not require the executable
> bit to be set and since they can run any command they could be used to
> easily trick people into running bad things.
> Thus the additional warning but not requiring executable bit for
> compatibility (this might be changed in the future)
Someone else had posted a question about that a few months ago, and I
remembered that it was security issue related, but couldn't remember the
details, so all I could do was mention that it was a security issue and
suggest that they google. At least I was able to point them in the right
direction, but not much more.
Your post refreshed my memory.
A bit more detail, now that I remember it... The issue is one of
indirection, and that it's quite easy to associate any random icon and any
random action with any particular *.desktop icon, and the fact that the
directories in question are user writable.
In theory, it could be possible under some circumstances to place a
*.desktop file with some relatively innocuous but common icon (say...
firefox), but linked to some anything-but-innocuous action, say...
rm -rf .* (which run as a user won't delete the entire system as it could
if run as root, but deleting all of a user's home dir could be considered
as bad, as a system can be reinstalled, but unless the user has
The argument was that the command line in a *.desktop file is in reality
executed, much like a one-line script, that as such, they should require
the executable bit set, and that the fact that any old icon can be
associated with them makes the problem worse. Requiring the executable
bit to "run" them isn't not a lot of protection, but people are used to
being a bit more cautious with executables than with data files, which is
what these were treated as, before.
System desktop files, as one might find them under /usr/share, for
instance, are a bit different in that normally they can only be written as
root, and if root or system installed packages are compromised, whether
*.desktop files are executable or not is the least of one's worries.
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
More information about the kde-linux