LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

Plugging into GCC

LWN.net Weekly Edition for October 2, 2008

Ubuntu debuts its Upstream Report

openSUSE and the distribution of proprietary software

LPC: What's happening with webcams

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

.desktop files and security

.desktop files and security

Posted Apr 7, 2006 19:49 UTC (Fri) by job (subscriber, #670)
Parent article: .desktop files and security

Why do these files exist at all?

(Log in to post comments)

.desktop files and security

Posted Apr 7, 2006 21:46 UTC (Fri) by brouhaha (subscriber, #1698) [Link]

I think there are obvious reasons why it is desirable to have a standard for files representing desktop icons. The question isn't "why do these files exist", but "why do they have to be written as scripts"?

The Macintosh had desktop icons since introduction in 1984, and they didn't (necessarily) have executable scripts or programs behind them.

The .desktop files only need to contain some simple metadata; it would be much more appropriate for them to be XLM, or even simple text files containing key/value pairs.

.desktop files *are* simple metadata

Posted Apr 11, 2006 18:54 UTC (Tue) by droberge (subscriber, #10852) [Link]

.desktop files aren't scripts; they really are only simple files with key=value pairs. The security problem comes from one of those values being an arbitrary command line and another one being an equally arbitrary image file to use as the icon.

So, say, we could have one with Exec=/bin/rm -rf / and Icon=/path/to/jpeg/icon, which will look like a JPEG image but actually be a data-munching program invocation.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds