.desktop files *are* simple metadata
Posted Apr 11, 2006 18:54 UTC (Tue) by droberge
In reply to: .desktop files and security
Parent article: .desktop files and security
.desktop files aren't scripts; they really are only simple files with key=value pairs. The security problem comes from one of those values being an arbitrary command line and another one being an equally arbitrary image file to use as the icon.
So, say, we could have one with Exec=/bin/rm -rf / and Icon=/path/to/jpeg/icon, which will look like a JPEG image but actually be a data-munching program invocation.
to post comments)