[Thunar-dev] Security issue with .desktop files in Thunar
Benedikt Meurer
benedikt.meurer at unix-ag.uni-siegen.de
Tue Apr 11 23:52:38 CEST 2006
Jaap Karssenberg wrote:
> Hi,
>
> Attached you find a file that is a modified desktop file of an
> application of mine. This desktop file shows up as a well behaved pdf
> document in thunar (icon is pdf and the "filename" ends in .pdf !) but
> when you click it it will execute some program. Since this program can
> also be bash with some inline script as commandline argument this is
> quite bad.
>
> I think it would be much better if the "filename" didn't show the "name"
> field from the desktop file but just something ending in .desktop .
This issue is currently being discussed on the xdg mailing list.
> Cheers!
> -- Jaap Karssenberg <pardus at cpan.org>
Benedikt
More information about the Thunar-dev
mailing list