Rodney Dawes wrote: >actually use their computer. And .desktop files are in fact data and >not executable scripts. Requiring +x just requires you to make them >behave more like scripts.
The fact that you can write a whole shell script in the Exec= line
makes .desktop files de-facto scripts. They are shell scripts with a
special syntax and one that allows you to change the icon.
>We need to fix the semantics of the Icon field as well. This is actually
>easy to specify for common desktop applications. We can just rely on the
>naming scheme for application icons that is in the Icon Naming
>Specification, and specify the proper way to deal with types of .desktop
>files which are not Type=Application as well, such as links to webdav or
>smb shares.
Agreed. This makes sense.
>Users are going to just get into the habit of always doing chmod
>+x, as we have already been doing for perl/python/etc... scripts that
>we download off the web.
If they have that habit, they may be doing even nastier things than what a
shell script is capable of. A Perl script could be complex enough to
install backdoors and log keystrokes.
>Setting +x is not a solution, it's a problem.
I don't see how enforcing the bit could cause more harm than right now.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
thiago.macieira (AT) trolltech.com Trolltech AS
GPG: 0x6EF45358 | Sandakerveien 116,
E067 918B B660 DBD1 105C | NO-0402
966C 33F5 F005 6EF4 5358 | Oslo, Norway
pgpxG4KghtXRR.pgp
Description: PGP signature
_______________________________________________ xdg mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/xdg
