On Tue, 24 Feb 2009 23:44:31 +0100, Yves-Alexis Perez wrote:
> > here is
> > a .desktop file that looks like it is iceweasel, but really it
> > downloads an essentially random file, but I could have made it do
> > pretty much anything.
>
> Yes, tests may need to be narrowed. That should be part of the spec,
> though.

It seems like it will be error-prone, troublesome, and a lot of work to come up with enough robust test cases that can prevent all potential attack vectors (especially if it's on a deny per-application basis). Does it even make sense for anyone to be spending time on this? Ultimately there are going to be holes, and that's where attackers will get through; they have a lot more time to mess around and think about this stuff than most of us.

Requiring '+x' has got to be the best, easiest, most straightforward, and most robust solution on the table. In order for a malicious launcher file to work, users will have to be smart enough to be able to use chmod, and if that's the case then they'll know something suspicious is going on if someone tells them to do it. (Chmod is required because, for example, thunar does not allow the user to modify the executable bit and I hope nautilus/dolphin behave the same.)

It's going to take some effort to get this solution implemented, but it's the right thing to do, and Debian should plan to proceed forward with that.

Regards,
Mike
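
The '+x' requirement discussed in this message, sketched as an added example (not part of the message and not code from Thunar, Nautilus or Dolphin). The function names, the sample launcher and its Exec line are constructed for illustration; the Exec value is only reported, never run.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: a launcher whose displayed name differs from what it runs.
SAMPLE = """[Desktop Entry]
Type=Application
Name=Iceweasel
Icon=iceweasel
Exec=/bin/echo this-is-not-iceweasel
"""

def read_launcher(path):
    """Return the Name and Exec values from the [Desktop Entry] group."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # desktop-entry keys are case-sensitive
    cp.read(path, encoding="utf-8")
    entry = cp["Desktop Entry"]
    return {"Name": entry.get("Name", ""), "Exec": entry.get("Exec", "")}

def launch_decision(path):
    """Hypothetical file-manager policy: refuse any launcher lacking owner +x."""
    mode = os.stat(path).st_mode
    trusted = stat.S_ISREG(mode) and bool(mode & stat.S_IXUSR)
    info = read_launcher(path)
    return {"allow": trusted, "shown_as": info["Name"], "would_run": info["Exec"]}

def write_sample(directory, executable=False):
    """Write SAMPLE the way a download lands (0644), or marked +x (0755)."""
    path = os.path.join(directory, "iceweasel.desktop")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE)
    os.chmod(path, 0o755 if executable else 0o644)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(launch_decision(write_sample(d)))                   # refused
        print(launch_decision(write_sample(d, executable=True)))  # allowed
```

The decision depends only on the file's mode bits, so no per-application test cases are needed; the parsed Name and Exec are returned so a prompt can show what would actually run.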