Scary .desktop behaviour
a-aa
a-aa at hollowtube.mine.nu
Wed Jan 5 06:43:36 CST 2005
Sebastien Bacher wrote:
>>Well, Nautilus could prevent the execution of .desktop files that are
>>not executable. Of course that means all the .desktop files created the
>>normal way (through the "create a new launcher" command in nautilus)
>>should automatically be set as executable by Nautilus.
>>
>>
>
>An executable file is something you can run, even out of GNOME, no ?
>That's not the case of a .desktop ...
>
>BTW are the file modes kept over mail ? And what will prevent you to get
>an archive with a such file in it ?
>
>
No, filemodes are not kept through email, and if you get an archive file
with a document in it called something.desktop, it's atleast a bit less
likely you'll instantly run it. This is a big security risk imo.
>>Of course, it would pose the problem of old .desktop files (not
>>executable). I guess that if this change is made in Nautilus, all the
>>existing .desktop files in the user's folder should be set to executable
>>the first time the modified Nautilus is run.
>>
>>
>
>Yes, that would be a real mess ...
>
>Any better idea/suggestion ?
>
>
In hoary upgrade/install set all .desktop files +x. You can have .deb
packages run some kind of config right. Should be easy enough to run a
find /home/ -name 'Desktop/' or something to chmod u+x every *.desktop
file. Or alternatly run through /etc/passwd and find the homedir for
every user.
More information about the ubuntu-devel
mailing list