Follow up: How to write a Linux virus

Scripts, a.out could have a standard icon, as they do now if they show up
in your file listing. And if you click on them permissions are respected. I
suspect that in most cases they don't represent applications that would
show up in a menu.

Java?

Interesting the immediate objection to this. Mustn't bloat the executable.
Lean mean and insecure. Your dpkg or whatever which now contains the icons
and executable would have some files bigger, but less files.

As for anything anyone gets by email or by downloading, that is another
problem. .desktop files are particularly dangerous because they disregard
the permissions scheme, and are opaque in what they run. Downloading a
binary executable now would require setting the executable bit. Downloading
a tar requires extracting the file that could have the executable bit set,
finding it and running it. Having non trivial mechanisms to do that within
the gui would get rid of the non-expert user issue. The real solutions are
probably better handled below the gui level with SElinux or policykit type
stuff. As long as the gui launching respects the permissions, which it
doesn't now.

The problem as it exists is that you are clicking on something that is not
the executable. Essentially the launcher runs a quasi script that is not
subject to the permissions scheme of the os. Note the following link.

http://archive.netbsd.se/?ml=xorg-xdg&a=2006-03&t...

Kinda illustrates why the desire to establish standards is, umm,
counterproductive? We end up with lowest common denominator trash. The
objections end up being something like "this isn't a real solution, so
let's stick with the blatantly insecure".

Derek