On Tue, Feb 24, 2009 at 6:07 PM, Scott Ritchie scott@open-vote.org wrote:
When I brought this up at the Ubuntu Developer Summit a while back, the security conscious there wanted to check an executable for the execute bit before launching it with Wine. Then, the user would be prompted if they wanted to run it, and if yes the execute bit would be set and the program launched.
This check would be skipped if you clicked a link on the start menu (since you obviously meant to launch a program then).
Sounds good. A helper app could do this for us, I think.
That said, there's no point becoming "safe" until the desktop also disables single click running of .desktop files that don't have the execute bit set. It's trivial to write a piece of Linux malware that does whatever you want by making it a .desktop file - you can even make it so it displays as whatever name you like (and not foo.desktop).
Right. Both changes are needed, the .desktop one more urgently. - Dan