Joe Baker wrote: >What about when the KDE desktop is deployed on top of a FAT32 filesystem >which doesn't allow for UNIX style file attributes? The desktop system >introduced this vulnerability, it should close it within it's own >architecture.
First of all, this doesn't work. I don't think KDE runs on top of FAT32
since that filesystem is too limited (I think we require hardlinking). I
might be wrong, though.
Second, as has been explained, if you can't have +x/-x security,
then .desktop files aren't the problem. Scripts and other binaries will
become executable too without user intervention. So we go back
to .desktop and other executables being on the same boat.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
pgp8GuhPSZpv7.pgp
Description: PGP signature
_______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
