On Saturday, February 11, 2017 7:24:11 AM UTC Martin Gräßlin wrote:
> What I don't like in general is that this is all happening as $user.
> Thus any malicious program running as $user can also just change the
> list of trusted Exec= values.
>
> So my suggestion is: let's use polkit.
>
> The list of trusted .desktop files must be root owned and per user.
> Every time a user asks for executing a not known (or changed) desktop
> file, it goes through polkit. To detect changes of the desktop file I
> would suggest to store the shasum of the desktop file in addition. This
> would prevent malicious programs from just changing the desktop file.
>
> What do you think? Sensible? Too much?
I like the approach, though it does sound a bit like overkill. But then, going the extra mile to improve security is right within our mission, so I think the approach is feasible, as it provides a lot of value for what we regard as our core competence. I can imagine this mechanism to be useful for other things as well, such as scripts, binaries and such that are user-writable.

-- 
sebas
http://www.kde.org • http://vizZzion.org
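The trust-list scheme proposed in the quoted message (a per-user list of approved .desktop files keyed by path, each with a checksum of the file, with unknown or changed files routed through an authorization prompt) written out as an added example. This is illustration code, not KDE's implementation and not code from either poster; the polkit round-trip is stood in for by a plain `ask_polkit` callback, the trust list is an in-memory dict rather than the root-owned file the design calls for, and the sample .desktop contents and paths are constructed.

```python
"""Trust check for user-writable .desktop files, following the thread's design.

Assumptions (not from the thread): the trust list is a dict here (in the real
design a root-owned, per-user file written only by a privileged helper), and
`ask_polkit` is a placeholder callback standing in for the polkit prompt.
"""
import hashlib
from typing import Callable, Dict, Optional

# Constructed sample .desktop files (not from the thread).
BENIGN_DESKTOP = (
    b"[Desktop Entry]\nType=Application\nName=Notes\n"
    b"Exec=/usr/bin/notes-app %f\n"
)
# Same file after an edit by something running as $user: the Exec= target moved.
CHANGED_DESKTOP = (
    b"[Desktop Entry]\nType=Application\nName=Notes\n"
    b"Exec=/home/user/.cache/notes-app %f\n"
)

PolkitPrompt = Callable[[str, str, Optional[str]], bool]


def desktop_digest(content: bytes) -> str:
    """SHA-256 of the whole file, so an edit to any key (not only Exec=) is detected."""
    return hashlib.sha256(content).hexdigest()


def exec_line(content: bytes) -> Optional[str]:
    """Return the Exec= value, or None if the file has no Exec= key."""
    for raw in content.decode("utf-8", errors="replace").splitlines():
        line = raw.strip()
        if line.startswith("Exec="):
            return line[len("Exec="):]
    return None


def trust_state(trust_db: Dict[str, str], path: str, content: bytes) -> str:
    """Classify a desktop file against the trust list.

    trust_db maps desktop-file path -> digest of the content that was approved.
    Returns "trusted", "unknown" (never approved) or "changed" (approved once,
    but the current content no longer matches the recorded digest).
    """
    recorded = trust_db.get(path)
    if recorded is None:
        return "unknown"
    if recorded != desktop_digest(content):
        return "changed"
    return "trusted"


def authorize_launch(trust_db: Dict[str, str], path: str, content: bytes,
                     ask_polkit: PolkitPrompt) -> bool:
    """Decide whether the Exec= of `content` may run.

    Trusted files run without a prompt. Unknown or changed files go through
    `ask_polkit`; only on approval is the digest recorded. The caller must
    read the file once and launch from the same bytes it passed here, so the
    content that was hashed is the content that runs.
    """
    state = trust_state(trust_db, path, content)
    if state == "trusted":
        return True
    if ask_polkit(path, state, exec_line(content)):
        trust_db[path] = desktop_digest(content)
        return True
    return False


def run_demo():
    """Walk through the three cases: first launch, repeat launch, edited file."""
    db: Dict[str, str] = {}
    path = "/home/user/.local/share/applications/notes.desktop"  # constructed
    approve: PolkitPrompt = lambda p, state, ex: True
    deny: PolkitPrompt = lambda p, state, ex: False
    first = authorize_launch(db, path, BENIGN_DESKTOP, approve)   # unknown -> prompt -> approved
    second = authorize_launch(db, path, BENIGN_DESKTOP, deny)     # trusted -> no prompt consulted
    third = authorize_launch(db, path, CHANGED_DESKTOP, deny)     # changed -> prompt -> denied
    return first, second, third


if __name__ == "__main__":
    print(run_demo())
```

The second call in `run_demo` is handed a prompt that always denies, which shows that a file already on the list is launched without consulting polkit at all; the third call shows that an edit to the file invalidates the earlier approval, which is the property the thread wants the checksum for.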