On Fri, 2009-02-20 at 11:44 -0500, Dan Winship wrote: > Alexander Larsson wrote: > > So, there has been a lot of attention on the internets recently about > > the the desktop file "virus" issue. > > > > I think its all pretty overblown, and any solution we have that doesn't > > completely neuter the feature will just involve users learning to work > > around the issue in cases where this is correct, and thus are likely to > > do this when they are targets of an actual attack. > > What is the attack? Get someone to download a .desktop file off a web > page? Is there any situation where that *should* work?
The more likely attack vector is a mail with "save this nude picture on the desktop and click on it". However, there are valid uses. For instance if you dnd a launcher from the panel to the desktop, or if you install a win32 app in wine which installs a desktop link (which will create a desktop file). Or if the sysadmin installed initial app launchers on the desktop. Its true that all of these *could* and *should* mark the file as executable, however since we never demanded that before this would be a regression for many users. Both for old created desktop files and for new ones created by non-updated apps. _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list