Re: [bug-buddy]: Custom scripts for your application




Olav:

Isn't it possible to install .desktop files in the user's $HOME
directory?  If someone were to trick a user into installing a
.desktop file with a script that does something malicious, is there
anything to protect the user from the malicious thing happening the
next time the program corresponding to the desktop file crashes?

Bug-Buddy especially ignores .desktop files in the $HOME directory. This
wasn't actually done as a security issue, just that the system .desktop
file usually is the only one to contain the special Bugzilla headers.

Perhaps a decision about how it should work should be made and
documented so people understand how it is intended to work?

Since .desktop files can be shipped by 3rd parties, is there any
privacy issues about collecting information and forwarding it along
to a bug database.  For example, core files might contain passwords,
so might not be appropriate to forward as an attachment to a public
database.  Will there be any way for the end user to control what
sorts of data can be collected and forwarded with a bug report?

You can see what is collected beforehand.

I'd think it would be nice to completely turn off this feature if the
user doesn't want data collected on their machine to be forwarded
externally.

Brian



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]