Scary .desktop behaviour
Julien Olivier
julo at altern.org
Tue Jan 4 10:54:18 CST 2005
On Tuesday 04 January 2005 at 14:58 +0100, Sebastien Bacher wrote:
> On Tuesday 04 January 2005 at 14:35 +0100, Julien Olivier wrote:
>
> > As I understand it, .desktop files are the only ones that can be sent
> > attached in an email and executed right after being downloaded without
> > any manipulation (apart from right-clicking it).
>
> In which software? In my Evolution I can only save the file.
>
That's right, but after saving it, you can double-click it and it will
run. If you thought it was a document, it's not unusual to double-click
on it after saving it.
>
> > Moreover, as
> > the .desktop file appears in Nautilus as "GoodDocument.doc" instead of
> > "GoodDocument.doc.desktop", it is easy to make users believe that it is
> > *not* executable while it is.
>
> It appears according to the name set in the desktop file ...
>
Yes, that's the correct behaviour, but it can be used to trick users into
thinking it's a document of another kind, like an MP3, OGG,
JPEG or DOC, especially combined with the use of a corresponding icon.
>
> > IMHO, this problem is a critical security issue, even if it can only
> > affect the user's files (which are often the most important ones).
>
> I got the point. Any suggestion to improve that? I've no real idea of
> what could be better than the actual system.
>
Well, Nautilus could prevent the execution of .desktop files that are
not executable. Of course that means all the .desktop files created the
normal way (through the "create a new launcher" command in nautilus)
should automatically be set as executable by Nautilus.
Of course, it would pose the problem of old .desktop files (not
executable). I guess that if this change is made in Nautilus, all the
existing .desktop files in the user's folder should be set to executable
the first time the modified Nautilus is run.
--
Julien Olivier <julo at altern.org>
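
The check proposed in the message above, as an added example that is not part of the original mail and is not Nautilus code: it reads a .desktop file, reports the name a file manager would display, and applies the "launch only if the execute bit is set" policy. The function names, the `DOC_EXTS` list and the sample launcher (with a harmless `Exec=/bin/true`) are constructed for illustration.

```python
import os
import tempfile

# Document-like extensions named in the thread (assumed list, extend as needed).
DOC_EXTS = {".doc", ".mp3", ".ogg", ".jpeg"}

def read_entry(path):
    """Parse the [Desktop Entry] group of a .desktop file into a dict."""
    entry, in_group = {}, False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("["):
                in_group = line == "[Desktop Entry]"
            elif in_group and "=" in line:
                key, value = line.split("=", 1)
                entry.setdefault(key.strip(), value.strip())
    return entry

def audit(path):
    """Report what the file manager would show and whether the policy lets it run."""
    entry = read_entry(path)
    shown = entry.get("Name") or os.path.basename(path)
    return {
        "shown_as": shown,
        "is_launcher": entry.get("Type") == "Application" and "Exec" in entry,
        "looks_like_document": os.path.splitext(shown)[1].lower() in DOC_EXTS,
        # Proposed policy: launch only if some execute bit is set on the file.
        "allowed": bool(os.stat(path).st_mode & 0o111),
    }

def demo():
    """Constructed sample: a launcher saved from mail (0644), then marked executable."""
    sample = "[Desktop Entry]\nType=Application\nName=GoodDocument.doc\nExec=/bin/true\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "GoodDocument.doc.desktop")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        saved = audit(path)
        os.chmod(path, 0o755)
        trusted = audit(path)
    return saved, trusted

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A launcher that `looks_like_document` and is not `allowed` is the case the policy is meant to stop: an attachment saved with default permissions stays inert until someone deliberately marks it executable.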