Scary .desktop behaviour

Arnold Maestre arnold.maestre at
Wed Jan 12 06:25:00 CST 2005

On Thu, 06 Jan 2005 15:30:27 +0000, Scott James Remnant
<scott at> wrote:
> On Mon, 2005-01-03 at 18:55 -0500, Mark Roach wrote:
> > I need to file a bug about this, but this list was handy and I figure
> > folks here will care...
> >
> > Nautilus does not appear to require .desktop files to be executable.
> > (This is bad, right?)
> >
> I don't think requiring them to be executable is sufficient, we need to
> actually think very carefully about who can run them in the first place.
> Example:  multi-user system, where someone sticks the attached in their
> home directory.
> That could do any number of nasty things to the other user, even if we
> required +x.

I'm missing the point here. I tried downloaded the kill-root.desktop
thingie, put it on my desktop, where it appeared as "example.desktop",
glanced at the content with a text editor, found it funny, so I
double-clicked the icon to see the nice message box and... Nautilus
told me something along the line of "Unable to display
"long/and/real/file/name" no suitable program found", (freely
translated from french", so I guess one of my configuration choices
made it impossible for me to fall for this trick. Any idea ?
Arnold Maestre

Arnold Maestre

More information about the ubuntu-devel mailing list