Here's a weblog posting by "foobar"
describing an attack vector for desktop Linux systems. "When you save an email attachment under Linux, the execute flag is normally NOT set and thus, the file can't be executed just by clicking on it. So, no luck?
Not so fast. Modern desktop environments, such as Gnome and KDE, conveniently offer a nice 'workaround' called 'launchers'. Those are small files that describe how something should be started. Just a few lines that specify the name, the icon that should be displayed and the actual command to execute. Conveniently, the syntax of those launcher files is the same for Gnome and KDE. And those launchers don't have to have any execute permissions set on them!
" Your editor can't resist pointing out that this problem was covered here
back in 2006. (Thanks to David Skoll).
to post comments)