On Thursday 23 March 2006 14:13, Mike Hearn wrote:
> A while ago it was discussed how .desktop files made us vulnerable to the
> same problems Windows and OS X have had with executable files pretending
> to be data files. At the time nothing was done, as it was a theoretical
> possibility. One enterprising hacker (Peter Lund) has now managed to make
> a .desktop file which is simultaneously a valid shell script, in other
> words, you can put any code you like in it and it'll run without any
> network access. Such a .desktop file can appear to be anything you want
> such as a JPEG image.

I wonder why desktop files get 'executed' at all. Only the programs that
display the desktop and the menu need to run what's described in a desktop
file. For everything else the default action could be just like the one for
text/plain, i.e. launch an editor.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
