Sam Watkins wrote:
> Does anyone other than me think my proposed solution might be the right
> thing to do? or can you offer some "tweaks" and criticisms to make it
> better? If so, I'm happy to have a go at implementing it.

I still don't see the advantage of requiring +x for .desktop files. As pointed out several times in this thread, there are several ways for an attacker to set the +x bit on a .desktop. For example, placing the virus.desktop in an archive with +x set. The user would then extract the archive and voila. Also, most "good" software will tell people to "chmod +x $filename", just like "bad" software will do. There's no way for the user to tell whether it's really safe to follow the advice (except looking at the Exec field, but that requires knowledge about the various common shell commands).

There's also another scenario not yet covered by this thread: An attacker with access to the file system could simply create a myfile.png.desktop in /tmp (or another world-writable directory, which the user is likely to visit from time to time) with a faked Icon that looks like a thumbnail of a PNG file (maybe just a PNG file from the user's home dir), chmod +x myfile.png.desktop and wait for the user to double-click it. Dunno how relevant this case is in reality, but it demonstrates that the +x bit requirement doesn't provide any advantages over non-executable .desktop files.

And in the same light: The user double-clicks a .desktop file without the +x bit set. The file manager will consider this file "unsafe" as you said, and pop up a dialog which says "The file is unsafe, blah, blah..." and includes the value of the Exec field. Now imagine this user is just an average desktop computer user and knows only a few basic shell commands. How likely is it that this user would know what's going on here? Very unlikely, indeed. So, he/she will probably just click "Run anyway", or a more advanced user will maybe google for the problem and find a forum which talks about this problem and suggests to "chmod +x $filename" to solve it. The "solution" would only help to protect skilled users, who are able to interpret the Exec value properly. And these skilled users will most probably not "execute" malware anyway, because they are experienced at guessing what kinds of mails/attachments are safe. The majority of users will remain vulnerable to ".desktop file attacks" in one way or another.

> Sam

Benedikt
_______________________________________________
xdg mailing list
http://lists.freedesktop.org/mailman/listinfo/xdg
