Scary .desktop behaviour
Arnold Maestre
arnold.maestre at gmail.com
Wed Jan 12 06:25:00 CST 2005
On Thu, 06 Jan 2005 15:30:27 +0000, Scott James Remnant
<scott at netsplit.com> wrote:
> On Mon, 2005-01-03 at 18:55 -0500, Mark Roach wrote:
>
> > I need to file a bug about this, but this list was handy and I figure
> > folks here will care...
> >
> > Nautilus does not appear to require .desktop files to be executable.
> > (This is bad, right?)
> >
> I don't think requiring them to be executable is sufficient, we need to
> actually think very carefully about who can run them in the first place.
>
> Example: multi-user system, where someone sticks the attached in their
> home directory.
>
> That could do any number of nasty things to the other user, even if we
> required +x.
I'm missing the point here. I tried downloaded the kill-root.desktop
thingie, put it on my desktop, where it appeared as "example.desktop",
glanced at the content with a text editor, found it funny, so I
double-clicked the icon to see the nice message box and... Nautilus
told me something along the line of "Unable to display
"long/and/real/file/name" no suitable program found", (freely
translated from french", so I guess one of my configuration choices
made it impossible for me to fall for this trick. Any idea ?
--
Arnold Maestre
--
Arnold Maestre
More information about the ubuntu-devel
mailing list