Le vendredi 20 février 2009 à 15:21 +0000, Alexander Larsson a écrit : > However, I do agree that it is a bit bad that you can be a target of an > attack like this without really being able to realize it. So, my current > plan is two-fold: > > 1) Only detect desktop files with .desktop extension. I.e. we never > sniff them for files with no or an invalid extension. > > 2) Unless the desktop file is in a system directory or has the execute > bit set we don't show the custom icon and display name for the desktop > file. (Instead we show the real filename, which will always be *.desktop > per 1 above, and the standard "shortcut" icon.) Aren’t you forgetting: 3) When you DnD a trusted desktop file to the desktop or create the launcher yourself, it is marked automatically as trusted. > Furthermore, when you lauch a non-trusted desktop file we open a dialog > where giving some info, plus letting you launch it, mark it executable > (if you have the perms) or cancel. I agree with the previous remarks about allowing the user to override the policy being bad. Instead, we should just do a migration step on the .desktop files on the desktop upon upgrade, and mark somewhere (in GConf or in a hidden file) that this doesn’t have to be done anymore. Cheers, -- .''`. Debian 5.0 "Lenny" has been released! : :' : `. `' Last night, Darth Vader came down from planet Vulcan and told `- me that if you don't install Lenny, he'd melt your brain.
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=