A viable strategy would be to start creating .desktop files with +x set and a #!/usr/bin/xdg-open line now and then to wait a while before environments actually start requiring it. In the meantime there could be some config setting that people/distributions can use to enable it before that time.
Waldo Bastian Linux Client Architect - Client Linux Foundation Technology Channel Platform Solutions Group Intel Corporation - http://www.intel.com/go/linux OSDL DTL Tech Board Chairman >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:xdg- >[EMAIL PROTECTED] On Behalf Of Thomas Leonard >Sent: Monday, April 10, 2006 1:27 PM >To: [email protected] >Subject: Re: Security issue with .desktop files revisited > >On Mon, 10 Apr 2006 04:58:28 -0700, Sam Watkins wrote: > >> Waldo Bastian wrote: >>> I think it's a sane idea to require +x on .desktop files in order for a >file >>> browser or "Desktop" to execute the .desktop file. It shouldn't be too >much >>> of a problem to add a #!/usr/bin/xdg-open line to the format either, >although >>> it my take a while before applications actually start to add that. >> >> Thank-you very much for the encouragement Waldo :) >> >> I'll have a go at implementing my proposal soon, God willing. >> >> If anyone knows of particular bits of gnome, kde and xfce that are >> responsible for executing, creating and editing .desktop files, >> would you please let me know to save me having to hunt around? >> >> Also do you know of any other environments, utilities, etc. out there >> that use, create or manipulate .desktop files? Maybe there's a list >> somewhere? > >Well, in ROX-Filer diritem.c, delete this: > > else if (item->mime_type == application_x_desktop) > { > item->flags |= ITEM_FLAG_EXEC_FILE; > } > >But, I doubt you'll have much success getting patches applied until >*after* .desktop files come with +x by default ;-) > > >-- >Dr Thomas Leonard http://rox.sourceforge.net >GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1 > > >_______________________________________________ >xdg mailing list >[email protected] >http://lists.freedesktop.org/mailman/listinfo/xdg _______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
