Scary .desktop behaviour
Matt Zimmerman
mdz at canonical.com
Wed Jan 5 12:18:57 CST 2005
On Wed, Jan 05, 2005 at 02:10:06PM +0100, Sebastien Bacher wrote:
> Le mercredi 05 janvier 2005 à 13:43 +0100, a-aa a écrit :
>
> > In hoary upgrade/install set all .desktop files +x. You can have .deb
> > packages run some kind of config right. Should be easy enough to run a
> > find /home/ -name 'Desktop/' or something to chmod u+x every *.desktop
> > file.
>
> Changing the user files in a package script is wrong, it won't fix the
> issue with the new created files, etc ..
>
> BTW I would like to get the advice of the security guys on this issue.
> Martin, Matt ... any opinion on this ?
The only problem I can see would be if the file in nautilus doesn't "look
like" something which would be executed if the user activates it, and yet it
is.
Does nautilus even have a consistent way to represent files which are
executable?
--
- mdz
More information about the ubuntu-devel
mailing list