On Tue, Feb 24, 2009 at 6:07 PM, Scott Ritchie <sc...@open-vote.org> wrote: > When I brought this up at the Ubuntu Developer Summit a while back, the > security conscious there wanted to check an executable for the execute > bit before launching it with Wine. Then, the user would be prompted if > they wanted to run it, and if yes the execute bit would be set and the > program launched. > > This check would be skipped if you clicked a link on the start menu > (since you obviously meant to launch a program then).
Sounds good. A helper app could do this for us, I think. > That said, there's no point becoming "safe" until the desktop also > disables single click running of .desktop files that don't have the > execute bit set. It's trivial to write a piece of Linux malware that > does whatever you want by making it a .desktop file - you can even make > it so it displays as whatever name you like (and not foo.desktop). Right. Both changes are needed, the .desktop one more urgently. - Dan