[Thunar-dev] Security issue with .desktop files in Thunar

Benedikt Meurer benedikt.meurer at unix-ag.uni-siegen.de
Tue Apr 11 23:52:38 CEST 2006

Jaap Karssenberg wrote:
> Hi,
> Attached you find a file that is a modified desktop file of an
> application of mine. This desktop file shows up as a well behaved pdf
> document in thunar (icon is pdf and the "filename" ends in .pdf !) but
> when you click it it will execute some program. Since this program can
> also be bash with some inline script as commandline argument this is
> quite bad.
> I think it would be much better if the "filename" didn't show the "name"
> field from the desktop file but just something ending in .desktop .

This issue is currently being discussed on the xdg mailing list.

> Cheers!
> -- Jaap Karssenberg <pardus at cpan.org>


More information about the Thunar-dev mailing list