Travis Watkins wrote: >>Shouldn't be a problem. The editor will automatically sign the file when >>saving, and there could also be a simple CLI frontend (probably as part >>of desktop-file-utils, for people who want to edit .desktop files with a >>generic text editor), which can be used to sign .desktop files with the >>users (autogenerated) key. > > So now all $EVIL_APP has to do is run that command line util and it's > good to go. Of course, in this case we're trying to stop $EVIL_APP > from getting installed from just a .desktop file so I guess it's > better than what we have now.
If $EVIL_APP has access to the system to run commands or read the users home dir, then it's already too late. There's no need to protect .desktop files afterwards, as $EVIL_APP could already run the commands that would otherwise be put into the Exec field. Benedikt _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
