Blocking execution of non-exec things

Milan Bouchet-Valat nalimilan at club.fr
Mon Jan 18 16:40:52 GMT 2010


On Monday 18 January 2010 at 10:09 -0600, Ted Gould wrote:
> Maybe I'm confused, but it seems like we're not "executing" the .desktop
> file, we're executing what is on the "Exec" line of the desktop file.  It
> would seem that whatever is first on that line should have +x, not
> necessarily the desktop file itself.
The issue with "virus" .desktop files is that they could run trusted
executables with arguments you wouldn't expect. Think of
Exec=rm -Rf ~

> That would lead to the question, is there a list of "wrapper" utilities?
> It would seem that the easiest hack around that technique would be "nice
> myvirus" as nice would be executable.  (and while I don't want viruses
> stealing excess CPU, that doesn't solve the real problem).
That's another risk, but we don't fear third-party programs as much as
our own tools when used with the intent of damaging your files. I can't
see how non-Ubuntu programs installed on the computer and run via
a .desktop file would be the central issue here: if they have reached
this stage, they could have destroyed what they wanted anyway.

So the problem is more with seemingly safe little text files called e.g.
"My Pics.desktop" that wouldn't ask for any privileges, but bite our
systems with their own weapons (even if only personal files can be
affected).

Regards
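
An added example, not part of the original message: a sketch of the two checks compared in this thread, testing whether the first word of Exec is an executable program versus whether the .desktop file itself carries an execute bit. The sample launcher, its harmless Exec line and all function names are constructed for illustration, and parsing Exec with shlex is a simplification of the Desktop Entry quoting rules.

```python
import os
import shlex
import shutil
import stat
import tempfile

# Constructed sample launcher modelled on the "My Pics.desktop" case;
# the Exec line is a harmless stand-in (assumption, not from the thread).
SAMPLE = "[Desktop Entry]\nType=Application\nName=My Pics\nExec=ls -la ~\n"

def parse_exec(text):
    """Return the Exec value from the [Desktop Entry] group, or None."""
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group == "Desktop Entry" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip() == "Exec":
                return value.strip()
    return None

def audit_launcher(path):
    """Report both checks discussed in the thread for one launcher file."""
    with open(path, encoding="utf-8") as fh:
        exec_line = parse_exec(fh.read())
    argv = shlex.split(exec_line) if exec_line else []
    mode = os.stat(path).st_mode
    x_bits = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
    return {
        "argv": argv,  # the arguments are what a reviewer needs to see
        # Check A: is the first word of Exec an executable on PATH?
        "target_is_executable": bool(argv) and shutil.which(argv[0]) is not None,
        # Check B: does the .desktop file itself have an execute bit?
        "launcher_has_x_bit": bool(mode & x_bits),
    }

def demo():
    """Audit the sample as saved (0644), then after a deliberate chmod +x."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "My Pics.desktop")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_launcher(path)
        os.chmod(path, 0o755)
        after = audit_launcher(path)
    return before, after
```

Check A passes for any launcher that names a trusted program, whatever its arguments, while check B fails for a file written without +x until someone deliberately marks it executable.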




