I'd just like to point out for the record that I think this .desktop file hoopla is just a symptom of a larger major security issue with the Linux desktop;
The issue is caused by the fact that so far security on Linux (and Unix in general) has focused mostly on server and multiuser systems. That is, the focus (besides code quality in applications and external hardening) has been on isolating and restricting accounts to prevent potentially vulnerable services or user accounts from compromising the security of the entire system. However, on a typical user desktop there is only one user. For example, on my laptop I have all my important stuff in my /home directory. If an attacker attacked my laptop and successfully gained access to my user account then there is no need for them ever to get the root account... they already have all my information, all my passwords stored in the browser, the ability to monitor me and my applications, etc.
So on a typical laptop or desktop, what is stored in /home/username is as much, or more, critical than what is stored in /etc/shadow.
The modern desktop is becoming more and more internet oriented. Nowadays you have all sorts of programs regularly going out and connecting to online services, streaming media, downloading files, examining images and other data from untrusted sources, etc. All in all it's a very complex system, and an always-on desktop system can be dealing with upwards of several gigabytes worth of information every month streaming in from all corners of the globe.
And then with the rise of mobile internet devices and similar efforts, like Intel's Moblin or other similar systems, it's going to get more and more intense and more and more automated.
So the likelihood of having an exploitable weakness in one of the dozens of applications that regularly connect to the internet is pretty high. Currently browsers get most of the scrutiny, but every application that gets data from untrusted sources is in the same boat. For example, I have to look up and find specifications for hardware regularly on the internet... so I am downloading and viewing PDFs from links from Google without having any real idea who made them or where they come from. So a vulnerability in Evince would sink me.
So I figure there needs to be some sort of isolation, so that programs that go and connect to the internet or are likely to read data from untrusted sources are sandboxed away from the critical areas in my desktop environment... both in terms of files and in terms of what other programs they are allowed to access. I figure something like a 'desktop profile' for SELinux (or a simpler framework) would be key.
But I understand that the problems and incompatibilities that this would cause here are vast... So there may be a much more clever way to do this.
I don't know the proper solution, but I know it's a problem, and if we don't start dealing with it now it's going to be a much bigger problem in 10 years' time or so.
Keep in mind that Microsoft started introducing a scheme like that with Windows XP SP2, where they are using NTFS's alternate data streams feature to store a security context about files that users deal with. So you have files with 'internet zone' vs 'trusted zone' and things like that. And this scheme has been improved and extended somewhat with later updates and Vista (and in the upcoming Windows 7). Of course the security measures that Windows is able to leverage are much weaker than what is potentially available with Linux, but they have the advantage of having something that works where we have nothing.
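A Linux-side sketch of the two ideas in this comment, as an added example that is not part of the comment or of any project it mentions: the Windows "internet zone" mark has a rough analogue in the freedesktop extended attribute `user.xdg.origin.url`, which `wget --xattr`, `curl --xattr` and Chromium write on downloaded files, and the "sandboxed away from the critical areas" part can be approximated today with bubblewrap (`bwrap`), whose options used below (`--ro-bind`, `--tmpfs`, `--unshare-all`, `--share-net`, `--die-with-parent`, `--new-session`) are real. The script assumes bwrap is installed and that `~/Downloads` is treated as untrusted even when a file carries no origin attribute, because an untagged file is otherwise indistinguishable from a local one. The file paths and viewer name in the example are constructed.

```python
import os
import subprocess
import sys
from pathlib import Path

# freedesktop.org convention: downloaders record the source URL here.
# Closest Linux analogue to the NTFS alternate-data-stream zone mark.
ORIGIN_XATTR = "user.xdg.origin.url"


def zone_of(path, xattrs=None, untrusted_dirs=()):
    """Return 'internet' or 'local' for a file.

    A file is 'internet' if it lives under one of untrusted_dirs (fail-closed
    for untagged downloads) or if its origin xattr holds a network URL.
    xattrs may be passed in as a {name: bytes} mapping so the policy can be
    exercised on filesystems without user xattr support; otherwise they are
    read from the file (Linux only; unreadable attributes count as absent).
    """
    p = Path(path).resolve()
    for d in untrusted_dirs:
        if Path(d).resolve() in p.parents:
            return "internet"
    if xattrs is None:
        xattrs = {}
        listxattr = getattr(os, "listxattr", None)
        if listxattr is not None:
            try:
                xattrs = {n: os.getxattr(p, n) for n in listxattr(p)}
            except OSError:
                pass
    origin = xattrs.get(ORIGIN_XATTR, b"")
    if isinstance(origin, str):
        origin = origin.encode()
    if origin.lower().startswith((b"http://", b"https://", b"ftp://")):
        return "internet"
    return "local"


def sandbox_argv(viewer, path, home=None, allow_net=False):
    """Build a bwrap command line that hides the rest of $HOME from `viewer`.

    The file is bind-mounted read-only, $HOME is replaced by an empty tmpfs
    (no browser profile, no ~/.ssh), and all namespaces are unshared so the
    viewer cannot see, signal or talk to other desktop processes.  Network
    access is dropped unless the caller opts in.
    """
    home = Path(home) if home is not None else Path.home()
    home = home.resolve()
    target = Path(path).resolve()
    argv = [
        "bwrap",
        "--ro-bind", "/usr", "/usr",
        "--symlink", "usr/lib", "/lib",
        "--symlink", "usr/lib64", "/lib64",
        "--symlink", "usr/bin", "/bin",
        "--ro-bind", "/etc", "/etc",
        "--proc", "/proc",
        "--dev", "/dev",
        "--tmpfs", str(home),                 # empty home for the sandboxed viewer
        "--ro-bind", str(target), str(target),  # only the one file is visible
        "--unshare-all",                      # pid, ipc, net, uts, user namespaces
        "--die-with-parent",
        "--new-session",                      # no TIOCSTI tricks on the caller's tty
    ]
    if allow_net:
        argv.append("--share-net")
    argv += [viewer, str(target)]
    return argv


def open_file(viewer, path, home=None, untrusted_dirs=(), dry_run=False):
    """Open `path` directly if local, inside the sandbox if internet-zone.

    Returns (zone, argv); the command is executed unless dry_run is set.
    """
    zone = zone_of(path, untrusted_dirs=untrusted_dirs)
    if zone == "internet":
        argv = sandbox_argv(viewer, path, home=home)
    else:
        argv = [viewer, str(path)]
    if not dry_run:
        subprocess.run(argv, check=False)
    return zone, argv


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: zoneopen.py VIEWER FILE")
    zone, argv = open_file(sys.argv[1], sys.argv[2],
                           untrusted_dirs=[Path.home() / "Downloads"])
    print(zone, " ".join(argv), file=sys.stderr)
```

For a graphical viewer you would additionally bind the X11 or Wayland socket into the sandbox; it is left out here so the policy part stays readable. The important design point is the fail-closed path: tagging alone is only as good as the downloaders that write the tag, so the directory rule catches files that arrived by other routes.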
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds