Easily solved - require that .desktop files be executable ("x" bit)
Posted Feb 19, 2009 15:51 UTC (Thu) by dwheeler (guest, #1216)
In reply to: Easily solved - require that .desktop files be executable ("x" bit) by hppnq
Parent article: Follow up: How to write a Linux virus
Clearly there is nothing that is foolproof. I think the key rule is that "to get the system into an insecure state, you must perform a special, unusual operation that is almost never requested otherwise, one the user would notice." (This is why Vista's whining is useless - it complains too often, training users to ignore it.) I think "setting the execute bit" can and should be a sufficiently "special, unusual operation" that it counts. "Please turn on the execute bit" should be something that normal users DON'T do; indeed, many GUI users wouldn't even know how to do it, and you could CERTAINLY put in a warning before doing it via a GUI. In contrast, "save a file from the web" is something that almost EVERY modern user does, so by itself "saving a file" should NOT subvert system security.
I agree that requiring that .desktop directories be in special trusted directories would work. However, that restriction makes .desktop files fail to work on the actual desktop, which reduces their utility greatly. And really, it seems bizarre that a .desktop file won't work on the desktop :-). But SOME change from the present seems necessary.
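The two policies weighed in the comment above (require the execute bit, or only honour launchers in trusted directories), as an added Python sketch that is not part of the original comment or of any desktop environment's code. The directory list, the function names and the sample launcher files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed trusted locations (hypothetical policy; a real desktop would use its own list).
TRUSTED_DIRS = ("/usr/share/applications", "/usr/local/share/applications")


def launcher_decision(path, trusted_dirs=TRUSTED_DIRS):
    """Return (allowed, reason) for a .desktop file under the two rules discussed."""
    real = os.path.realpath(path)  # resolve symlinks so a link cannot borrow trust
    st = os.stat(real)
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    for d in trusted_dirs:
        base = os.path.realpath(d)
        if os.path.commonpath([real, base]) == base:
            return True, "in trusted directory"
    if st.st_mode & stat.S_IXUSR:
        return True, "execute bit set"
    return False, "execute bit not set"


def demo():
    """Build constructed sample launchers in a temp dir and evaluate each."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "applications")
        desktop = os.path.join(root, "Desktop")
        os.makedirs(trusted)
        os.makedirs(desktop)
        body = "[Desktop Entry]\nType=Application\nName=Sample\nExec=/bin/true\n"
        cases = {
            "saved": (desktop, 0o644),    # as a browser would save it
            "marked": (desktop, 0o755),   # user deliberately ran chmod +x
            "system": (trusted, 0o644),   # installed into a trusted directory
        }
        for name, (folder, mode) in cases.items():
            path = os.path.join(folder, name + ".desktop")
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = launcher_decision(path, trusted_dirs=(trusted,))
    return results


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}.desktop: {'launch' if ok else 'refuse'} ({why})")
```

The check reads the mode bits rather than calling `os.access`, so the result is the same when it runs as root.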