[Thunar-dev] Security issue with .desktop files in Thunar
Jaap Karssenberg
j.g.karssenberg at student.utwente.nl
Tue Apr 11 23:36:17 CEST 2006
Hi,
Attached you find a file that is a modified desktop file of an
application of mine. This desktop file shows up as a well behaved pdf
document in thunar (icon is pdf and the "filename" ends in .pdf !) but
when you click it it will execute some program. Since this program can
also be bash with some inline script as commandline argument this is
quite bad.
I think it would be much better if the "filename" didn't show the "name"
field from the desktop file but just something ending in .desktop .
Cheers!
-- Jaap Karssenberg <pardus at cpan.org>
P.S. didn't check against latest Thunar so my apologies if this is
already fixed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zim_presentation.desktop
Type: application/x-desktop
Size: 374 bytes
Desc: not available
URL: <http://mail.xfce.org/pipermail/thunar-dev/attachments/20060411/8d7b7110/attachment.bin>
More information about the Thunar-dev
mailing list