Mike Hearn wrote:
[...]
To reiterate, the security problem here is that something which is a
program can make itself look like a document by using a .desktop file.
Right, that was the initial problem. But your proposals to use the +x
permission bit to fix it creates a lot more security issues that they
fix. Claiming they are unrelated is ridiculous.
The fact that +x bits have some other meaning for shell scripts and
> ELF files isn't related .....
The meaning of the +x bit is defined by the exec() Unix system call. It
does not matter to that system call whether the file is a shell script,
an ELF binary or a desktop file. You can say what you want, it *is* related.
When considering security issues you must always consider the whole
system, not just the one small aspect you are interested in. Failure to
do so results in opening more security holes than you plug.
--
Francois Gouget
[EMAIL PROTECTED]
_______________________________________________
xdg mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/xdg
