.desktop files and security
Posted Apr 6, 2006 4:17 UTC (Thu) by jmorris42
Parent article: .desktop files and security
> It is not clear that everybody sees a real problem with the capabilities
> of .desktop files.
And if we wait up for the congenital idiots who can't see the evil possibilities in the present situation we will calcify the present crappy situation in stone and be dealing with the consequences for a decade. If anyone wants to know what that future looks like they can boot a virgin install of Windows, connect it to a bare cable modem and wait an hour. This is an easily exploitable problem, we just have to pray it gets fixed before it gets used in the wild.
We all laughed when Microsoft thought it would be a neato idea to hide file extensions. Folks, this gets fixed or someday we are going to get the biggest comeuppance ever imagined. As currently implemented .desktop files are little suprise packages. Some versions of GNOME don't even provide an easy way to see what one is going to do before you launch em.
Security isn't something you do as an afterthought. What were they thinking? What were they smoking! Whatever moron originally implemented this mess needs to be blacklisted from contribution to a major project for at least a decade. Security by design needs to be the watch phrase.
Ok, had to get that rant out of my system...... :)
to post comments)