Not logged in
Log in now
Create an account
Subscribe to LWN
LWN.net Weekly Edition for May 16, 2013
A look at the PyPy 2.0 release
PostgreSQL 9.3 beta: Federated databases and more
LWN.net Weekly Edition for May 9, 2013
(Nearly) full tickless operation in 3.10
Why do these files exist at all?
.desktop files and security
Posted Apr 7, 2006 21:46 UTC (Fri) by brouhaha (subscriber, #1698)
The Macintosh had desktop icons since introduction in 1984, and they didn't (necessarily) have executable scripts or programs behind them.
The .desktop files only need to contain some simple metadata; it would be much more appropriate for them to be XLM, or even simple text files containing key/value pairs.
.desktop files *are* simple metadata
Posted Apr 11, 2006 18:54 UTC (Tue) by droberge (guest, #10852)
.desktop files aren't scripts; they really are only simple files with key=value pairs. The security problem comes from one of those values being an arbitrary command line and another one being an equally arbitrary image file to use as the icon.
So, say, we could have one with Exec=/bin/rm -rf / and Icon=/path/to/jpeg/icon, which will look like a JPEG image but actually be a data-munching program invocation.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds