Re: Help with strings for "solution" for desktop file "virus" problem

From: Alexander Larsson <alexl redhat com>
To: Dan Winship <danw gnome org>
Cc: desktop-devel-list gnome org
Subject: Re: Help with strings for "solution" for desktop file "virus" problem
Date: Sat, 21 Feb 2009 11:58:35 +0000

On Fri, 2009-02-20 at 11:44 -0500, Dan Winship wrote:
> Alexander Larsson wrote:
> > So, there has been a lot of attention on the internets recently about
> > the the desktop file "virus" issue.
> > 
> > I think its all pretty overblown, and any solution we have that doesn't
> > completely neuter the feature will just involve users learning to work
> > around the issue in cases where this is correct, and thus are likely to
> > do this when they are targets of an actual attack.
> 
> What is the attack? Get someone to download a .desktop file off a web
> page? Is there any situation where that *should* work?

The more likely attack vector is a mail with "save this nude picture on
the desktop and click on it".

However, there are valid uses. For instance if you dnd a launcher from
the panel to the desktop, or if you install a win32 app in wine which
installs a desktop link (which will create a desktop file). Or if the
sysadmin installed initial app launchers on the desktop.

Its true that all of these *could* and *should* mark the file as
executable, however since we never demanded that before this would be a
regression for many users. Both for old created desktop files and for
new ones created by non-updated apps.

Follow-Ups:
- Re: Help with strings for "solution" for desktop file "virus" problem
  - From: Alan Cox

References:
- Help with strings for "solution" for desktop file "virus" problem
  - From: Alexander Larsson
- Re: Help with strings for "solution" for desktop file "virus" problem
  - From: Dan Winship

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]