https://bugs.kde.org/show_bug.cgi?id=338492

--- Comment #11 from Michael <k...@callthecomputerdoctor.com> ---
(In reply to Nate Graham from comment #10)
> My thought was that since .EXEs contain executable code, parsing them for
> icons contains the risk of executing maliciously-crafted code. But I have no
> idea how the parsing is actually done, or even what it does (I have no
> windows EXEs handy to test). It's trivial to turn that on by default too if
> people find themselves feeling strongly about the matter.

I'm not convinced that a user would even begin to wonder if an .exe was being
executed to find its icon. That kind of thought would only come from a
developer, not a user. But being developers, we can go beyond feelings and test
our assumptions on the matter.

Back when I was a full-time Windows programmer and I had to embed icons into my
.exe's, I told Visual Studio "take this .ico file and embed it into the
resulting .exe in your resource data chunk". It was a post-processing step.

There are other bits of data that can be embedded into an .exe's resource data
chunk, like menus, dialog layouts, images--not just icons. 

Microsoft talks about resource files when building .exe's here:

  https://msdn.microsoft.com/en-us/library/windows/desktop/aa380599(v=vs.85).aspx

There's actually a Windows tool that will allow you to inspect, add, remove
resources in .exes so you can see that icons are resource types, and not
related to code.

  http://angusj.com/resourcehacker/

There's a Linux command line tool that works with .exe resources too:

  http://man7.org/linux/man-pages/man1/windres.1.html

Another thing to note: KDE running on an ARM CPU like a Raspberry Pi will still
be able to view an x86 .exe's icons even though the CPU architectures are
dissimilar. This is because the ARM doesn't need to execute x86 code to get to
the icon resource. It just opens up the .exe and looks for the resource data
chunk and parses that.

Finally, if you need to have an .exe that has an icon in its resource chunk to
test this, you can download ProcessExplorer here: 

  https://download.sysinternals.com/files/ProcessExplorer.zip

-- 
You are receiving this mail because:
You are watching all bug changes.
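
Added example, not part of the original comment and not KDE's thumbnailer code: a bounds-checked walk of a PE resource directory tree (type / ID / language) that lists icon resources as plain data. It assumes the caller has already located the .rsrc section bytes through the PE section table; the helper names and the sample blob are constructed for illustration.

```python
import struct

RT_NAMES = {3: "RT_ICON", 4: "RT_MENU", 5: "RT_DIALOG", 14: "RT_GROUP_ICON"}
SUBDIR = 0x80000000  # high bit set: offset points at a subdirectory, not a leaf

def walk_resources(rsrc, offset=0, path=(), depth=0):
    """Yield (path, data_rva, size) for each leaf of a .rsrc directory tree.
    Only struct.unpack_from on bytes is used; nothing from the file is run."""
    if depth > 2:  # type / name / language; also stops self-referencing trees
        raise ValueError("resource tree too deep")
    if offset + 16 > len(rsrc):
        raise ValueError("directory header out of bounds")
    named, ids = struct.unpack_from("<HH", rsrc, offset + 12)
    for i in range(named + ids):
        entry = offset + 16 + 8 * i
        if entry + 8 > len(rsrc):
            raise ValueError("directory entry out of bounds")
        name, target = struct.unpack_from("<II", rsrc, entry)
        if target & SUBDIR:
            yield from walk_resources(rsrc, target & 0x7FFFFFFF, path + (name,), depth + 1)
        elif target + 16 > len(rsrc):
            raise ValueError("data entry out of bounds")
        else:
            rva, size = struct.unpack_from("<II", rsrc, target)
            yield path + (name,), rva, size

def describe(rsrc):
    """Return [(type, id, language, rva, size), ...] with known types named."""
    return [(RT_NAMES.get(p[0], p[0]),) + p[1:] + (rva, size)
            for p, rva, size in walk_resources(rsrc)]

def _dir(entries):  # builds one directory holding only ID entries (sample data)
    head = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(entries))
    return head + b"".join(struct.pack("<II", n, t) for n, t in entries)

# Constructed sample section (not taken from a real .exe): one icon image and
# the icon group that refers to it, each under language 0x409.
SAMPLE = b"".join([
    _dir([(3, SUBDIR | 32), (14, SUBDIR | 80)]),  # offset 0: root, by type
    _dir([(1, SUBDIR | 56)]),                     # offset 32: RT_ICON id 1
    _dir([(0x409, 128)]),                         # offset 56: language -> leaf
    _dir([(1, SUBDIR | 104)]),                    # offset 80: RT_GROUP_ICON id 1
    _dir([(0x409, 144)]),                         # offset 104: language -> leaf
    struct.pack("<IIII", 0x2000, 296, 0, 0),      # offset 128: data entry
    struct.pack("<IIII", 0x2128, 20, 0, 0),       # offset 144: data entry
])

if __name__ == "__main__":
    for row in describe(SAMPLE):
        print(row)
```

The parsing risk in a thumbnailer sits in this kind of code (offsets and counts taken from an untrusted file), which is why every read above is checked against the section length and the recursion depth is capped.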
