Re: Trusting .desktop files

2017-02-11 Thread Sebastian Kügler
On Saturday, February 11, 2017 7:24:11 AM UTC Martin Gräßlin wrote: > What I don't like in general is that this is all happening as $user. > Thus any malicious program running as $user can also just change the > list of trusted Exec= values. > > So my suggestion is: let's use polkit. > > The list

Re: Trusting .desktop files

2017-02-10 Thread Martin Gräßlin
Am 2017-02-10 19:56, schrieb Fabian Vogt: Hi, The reddit post "How to easily trick $FILE_MANAGER users to execute arbitrary code" (https://www.reddit.com/r/linux/comments/5r6va0) spawned a discussion about .desktop files. Thanks for bringing up this important topic! (Although I get more and m

Trusting .desktop files

2017-02-10 Thread Fabian Vogt
Hi, The reddit post "How to easily trick $FILE_MANAGER users to execute arbitrary code" (https://www.reddit.com/r/linux/comments/5r6va0) spawned a discussion about .desktop files. This is normally just a minor security issue as it requires manual user interaction. However, Plasma's ineffective