Dan Kegel wrote: > On Tue, Feb 24, 2009 at 6:07 PM, Scott Ritchie <sc...@open-vote.org> wrote: >> When I brought this up at the Ubuntu Developer Summit a while back, the >> security conscious there wanted to check an executable for the execute >> bit before launching it with Wine. Then, the user would be prompted if >> they wanted to run it, and if yes the execute bit would be set and the >> program launched. >> >> This check would be skipped if you clicked a link on the start menu >> (since you obviously meant to launch a program then). > > Sounds good. A helper app could do this for us, I think. > >> That said, there's no point becoming "safe" until the desktop also >> disables single click running of .desktop files that don't have the >> execute bit set. It's trivial to write a piece of Linux malware that >> does whatever you want by making it a .desktop file - you can even make >> it so it displays as whatever name you like (and not foo.desktop). > > Right. Both changes are needed, the .desktop one more urgently.
That's already solved in nautilus; http://svn.gnome.org/viewvc/nautilus?view=revision&revision=15003 Johan