Hi,

After digging through the mailing list archives I think I've come up with a solution to the security problems with .desktop files (they can have icons of other file types and display any filename).

The idea is to show a warning dialog when an untrusted .desktop file is encountered, and optionally remember the user's choice (for example, with an "Always trust" button). A .desktop file would be considered untrusted if it's not owned by a "system" user (i.e. root, bin, etc.), and its filename is not included in one of the "trusted .desktop files"-files (see below). Files placed in hidden directories (like ~/.local/share/applications/ and ~/.gnome2/panel2.d/default/launchers/) would always be considered trusted since the user is unlikely to download files to there.

The "trusted .desktop files" files are plain text files with one trusted path per line (which can be a file but also a directory). Paths should be allowed to begin with ~/ so files can be trusted independently of the user name. There would be one system-wide file (located in /etc/) and one per-user file (located in each user's home directory).

Pros:
* Doesn't require any changes to the .desktop file format
* Doesn't require special software, file systems, etc.
* Since most .desktop files are either installed as root, or installed to a hidden directory, most .desktop files should work out-of-the-box without any warning dialogs.
* Probably not very hard to implement.
* Allows distributions and administrators to trust files/directories (that are placed on users' desktops, for example).

Cons:
* .desktop-files need to be granted once again if they're moved.
* Entries in the "trusted .desktop files" file will not be deleted when the .desktop file is deleted.
* Programs that create .desktop files on the desktop (~/Desktop) will need to be modified to add their .desktop files to the "trusted .desktop files" file or the user will see the warning dialog the first time he uses them (Firefox saves downloaded files to ~/Desktop by default so we can't trust that directory).

Do you think this is a good solution? Or is there something that I forgot to think of?
--
Samuel
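The trust decision proposed in the message above, sketched as an added example that is not part of the original post or of any desktop environment's code. The function names, the UID cutoff used for "system" users, and the sample list contents are assumptions made for illustration; paths are normalized lexically, so symlinks are not resolved.

```python
import posixpath
from pathlib import PurePosixPath

# Assumption: UIDs 0..99 are "system" users (root, bin, ...). The post names
# no cutoff; a real implementation would follow the distribution's policy.
SYSTEM_UID_MAX = 99

# Constructed sample of a per-user "trusted .desktop files" file.
SAMPLE_TRUSTED_LIST = "~/Desktop/firefox.desktop\n/opt/kiosk/launchers\n\n"

def parse_trusted_list(text, home):
    """One trusted path per line (file or directory); a leading ~/ means home."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("~/"):
            line = home.rstrip("/") + line[1:]
        entries.append(PurePosixPath(posixpath.normpath(line)))
    return entries

def in_hidden_directory(path):
    """True if a directory component (not the file name itself) starts with a dot."""
    return any(part.startswith(".") for part in path.parent.parts)

def is_trusted(path, owner_uid, trusted_entries):
    """Apply the three rules from the proposal; False means show the warning dialog."""
    # Collapse ".." first so "~/.local/../Desktop/x.desktop" is not seen as hidden.
    path = PurePosixPath(posixpath.normpath(path))
    if owner_uid <= SYSTEM_UID_MAX:        # rule 1: owned by a system user
        return True
    if in_hidden_directory(path):          # rule 2: lives in a hidden directory
        return True
    # Rule 3: listed directly, or located below a listed directory. Matching is
    # per path component, so "/opt/kiosk/launchers2" does not match
    # the entry "/opt/kiosk/launchers".
    return any(path == e or e in path.parents for e in trusted_entries)
```
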
