On Mon, 2006-04-03 at 09:48 -0400, Rodney Dawes wrote: > On Sun, 2006-04-02 at 22:29 -0700, Sam Watkins wrote: > > 1. do you agree that this is a serious security problem? > > I don't think it is a serious security problem. While it does expose > the ability to run shell commands from the .desktop file, it doesn't > seem likely that many people will do it. I mean, Windows has had > shortcut files which are pretty much exactly the same as our .desktop > files, and you never hear of anyone doing specific attacks like you > suggest would be done. There are much more interesting ways to do them, > than to have a .desktop file with an icon/label that lies about itself. > Uh, PIF file attacks were very common for a long time in Windows.
Scott -- Have you ever, ever felt like this? Had strange things happen? Are you going round the twist?
signature.asc
Description: This is a digitally signed message part
_______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
