create a boot-able disk from an iso file

[MR ZenWiz]

On Thu, Jan 13, 2011 at 12:47 PM, Boggess Rod <rboggess at tenovacore.com> wrote:
>
> I don't claim to be an expert on this, but there are files called
> something like *.desktop? They behave similar to old windows PIF
> (Program Information Files) that allow GNOME (or KDE) to associate a
> file with an application. Here's where I read about it (though it hardly
> seems alarming): http://www.geekzone.co.nz/foobar/6229
>

As alarming as that article is, and it's a very good read - thank you,
that hole appears to have been plugged at least as of Maverick and
Gnome 2.32.

I tested this by copying bluetooth-applet.desktop from my
.config/autostart directory into a temporary that I planned to run as
a test and modified the shell line to do a simple echo command, then
deleted the "X-GNOME-Autostart-enabled=false" line and copied it to my
desktop, then double-clicked on it.  I get a pop-up window that says
this:

Untrusted application launcher
The application launcher "test.desktop" has not been marked as
trusted. If you do not know the source of this file, launching it may
be unsafe.

Just for fun, I also did this with the bluetooth-applet.desktop, and
it got the same warning.  To be on the thorough side, I also added
"X-GNOME-Autostart-enabled=true" to the end of my test file and it
still refuses to launch.  Finally, I copied a launcher that I know
does get executed when I log in to a test launcher, modified it to do
something harmless, copied it to my desktop and blam - same error.

Still, I confess that I'm not at all clear how Gnome knows that these
launchers should not be trusted - there doesn't appear to be anything
in the file itself, nor in its (nautilus) properties, that so
indicates.

Conclusion: Keep your wits about and trust nothing when it comes to
possible exploits, but be aware of what does and does not work, too.