Alexander Larsson wrote: > So, there has been a lot of attention on the internets recently about > the the desktop file "virus" issue. > > I think its all pretty overblown, and any solution we have that doesn't > completely neuter the feature will just involve users learning to work > around the issue in cases where this is correct, and thus are likely to > do this when they are targets of an actual attack.
What is the attack? Get someone to download a .desktop file off a web page? Is there any situation where that *should* work? I'd say, something like: if they double click on a non-"trusted" .desktop file, give an error saying "The file %s looks like an application launcher, but it is broken and cannot be opened." with a "More Details" button that explains "For security reasons, launchers that are not installed in system directories must have the executable bit set". Do not provide a button to fix the problem or a link to further help. If the user doesn't know what "the executable bit" means, and how to fix it themselves, then they would not have been playing around with desktop files in a way that would have triggered the dialog, and so the most likely guess is that they're being hacked. -- Dan _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list