Scary .desktop behaviour
Nathan R. Valentine
nathan at nathanvalentine.org
Tue Jan 4 14:25:10 UTC 2005
> Exactly, and they're not automatically made executable when saved. The
> user has to explicitly make them executable, and thus be pretty aware
> that what they're about to do could be bad.
Not true in my case. I downloaded the attached file, saved it to a tmp
folder, browsed to the saved location using Nautilus, and double-clicked
the file. It ran the command in the Exec parameter with no need to make
the file executable or any other tinkering. This is very similar to the
various extension hiding PIF/etc. file problems with explorer.exe on
Windows.
This needs to be fixed.
I'm not a Nautilus expert but I'm surprised that the default action for
non-executables without the execute bit set, including scripts, is not
"Open" with a text editor. That would seem to be the logical (most
secure) default setting.
--
Nathan R. Valentine <nathan at nathanvalentine.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050104/c4c48dd3/attachment.sig>
More information about the ubuntu-users
mailing list