On Tue Apr 4 20:03:14 2006, Mark Seaborn wrote:
> A user might receive a tar file as an attachment, open it (presumably
> causing it to be unpacked to a temporary directory), double-click the
> .desktop file -- and thereby give an untrusted program access to their
> whole user account without warning.

a) They could do that with a binary, too, or a shell script. This is
not special to .desktop files, whether +x or not.
b) Double-clicking on a .desktop file in file-roller opens it in
gedit. (Whether it's +x or not, as it happens, because I checked.)
c) Does mandating +x make things harder, or easier, for an attacker?
Dave.
--
You see things; and you say "Why?"
But I dream things that never were; and I say "Why not?"
- George Bernard Shaw