Re: Help with strings for "solution" for desktop file "virus" problem
- From: Stef <stef-list memberwebs com>
- To: Dan Winship <danw gnome org>
- Cc: Alexander Larsson <alexl redhat com>, desktop-devel-list gnome org
- Subject: Re: Help with strings for "solution" for desktop file "virus" problem
- Date: Fri, 20 Feb 2009 17:38:01 +0000 (UTC)
Dan Winship wrote:
> Alexander Larsson wrote:
>> So, there has been a lot of attention on the internets recently about
>> the the desktop file "virus" issue.
>>
>> I think its all pretty overblown, and any solution we have that doesn't
>> completely neuter the feature will just involve users learning to work
>> around the issue in cases where this is correct, and thus are likely to
>> do this when they are targets of an actual attack.
>
> What is the attack? Get someone to download a .desktop file off a web
> page? Is there any situation where that *should* work?
>
> I'd say, something like: if they double click on a non-"trusted"
> .desktop file, give an error saying "The file %s looks like an
> application launcher, but it is broken and cannot be opened." with a
> "More Details" button that explains "For security reasons, launchers
> that are not installed in system directories must have the executable
> bit set". Do not provide a button to fix the problem or a link to
> further help.
+1 from me.
A prompt that easily lets the user continue through to "bad stuff" is
like a speed bump before a cliff. [1]
However one concern may be migration. ie: An admin has deployed some
desktop files without the +x bit on users' desktops. If we all of a
sudden break those then that's a regression.
It may be good to deploy an interim "with fix" dialog for a couple GNOME
releases before switching to the "don't do that" dialog.
Cheers,
Stef
[1] Really need to fix gnome-keyring in this respect (blush).
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
