| |||||||||||||
.desktop files and security.desktop files and securityPosted Apr 6, 2006 4:17 UTC (Thu) by jmorris42 (subscriber, #2203)Parent article: .desktop files and security
> It is not clear that everybody sees a real problem with the capabilities
And if we wait up for the congenital idiots who can't see the evil possibilities in the present situation we will calcify the present crappy situation in stone and be dealing with the consequences for a decade. If anyone wants to know what that future looks like they can boot a virgin install of Windows, connect it to a bare cable modem and wait an hour. This is an easily exploitable problem, we just have to pray it gets fixed before it gets used in the wild.
We all laughed when Microsoft thought it would be a neato idea to hide file extensions. Folks, this gets fixed or someday we are going to get the biggest comeuppance ever imagined. As currently implemented .desktop files are little suprise packages. Some versions of GNOME don't even provide an easy way to see what one is going to do before you launch em.
Security isn't something you do as an afterthought. What were they thinking? What were they smoking! Whatever moron originally implemented this mess needs to be blacklisted from contribution to a major project for at least a decade. Security by design needs to be the watch phrase.
Ok, had to get that rant out of my system...... :)
(Log in to post comments)
.desktop files and security Posted Apr 6, 2006 10:32 UTC (Thu) by Los__D (guest, #15263) [Link] 100% agreed, this is something most of us would have pointed fingers at M$ for doing.
This can't be allowed to happen much more than once, or world dominance will come with loads of desktop systems overtaken by nasty scipts and other malware (And then probably lost again just as fast, as it seems to be one of the top reasons people and companies are considering the switchover. Let's give them a chance to see the rest of the wonders before they regret, eh?)
Dennis
|
|||||||||||||