Bug#515104: nautilus: potential exploits via application launchers

Daniel Ruoso daniel at ruoso.com
Thu Feb 19 15:28:02 UTC 2009


I'd also argue that keeping track of all the points that can create
a .desktop with the x bit set is certainly a much more secure way of
handling this, for instance, the DnD code could check:

Should the permissions be preserved on DnD?
  Is the origin file:

  * not a .desktop file? force umask
  * a remote file? force umask.
  * a file in a removable device? force umask.
  * owned by a user different than root or self? force umask.

In summary, only preserve permission for .desktop files that are a local
file in a mount point listed in /etc/fstab owned by root or the same
user.

(after all, that's what umask is for)

In the current scheme we have to keep track of all the possible sources
of .desktop files, because once it's in the user dir, it owns it. This
simply won't work.

daniel
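
The check proposed in the message above, sketched in Python as an added example (not part of the original message and not Nautilus code). It reads "force umask" as giving the copy the default mode 0666 masked by the umask; the function names and the `is_remote` flag, which stands in for what the file manager knows about the origin URI, are hypothetical.

```python
import os
import stat

def fstab_mount_points(fstab_text):
    """Return the mount points (second field) listed in fstab-format text."""
    points = set()
    for line in fstab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[1].startswith("/"):
            points.add(fields[1])
    return points

def mount_point_of(path):
    """Walk up from the file's directory to where its filesystem is mounted."""
    path = os.path.dirname(os.path.realpath(path))
    while not os.path.ismount(path):
        path = os.path.dirname(path)
    return path

def mode_after_dnd(src, is_remote, fstab_text, umask=0o022, uid=None):
    """Mode for the dropped copy: origin bits only if every check passes."""
    # Assumption: "force umask" means a fresh file's default mode, so no x bit.
    forced = 0o666 & ~umask
    uid = os.getuid() if uid is None else uid
    if is_remote or not src.endswith(".desktop"):
        return forced
    st = os.lstat(src)                    # lstat: do not follow symlinks
    if not stat.S_ISREG(st.st_mode):      # links and special files never qualify
        return forced
    if st.st_uid not in (0, uid):         # owner must be root or self
        return forced
    if mount_point_of(src) not in fstab_mount_points(fstab_text):
        return forced                     # removable or ad-hoc mount
    return st.st_mode & 0o777             # preserve permissions, x bit included
```

Pass the contents of /etc/fstab as `fstab_text`; taking it as a string keeps the decision testable against constructed input.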






