Re: Help with strings for "solution" for desktop file "virus" problem

[Alexander Larsson <alexl redhat com>]

On Sat, 2009-02-21 at 13:08 +0100, Josselin Mouette wrote:
> Le vendredi 20 février 2009 à 15:21 +0000, Alexander Larsson a écrit :
> > However, I do agree that it is a bit bad that you can be a target of an
> > attack like this without really being able to realize it. So, my current
> > plan is two-fold:
> > 
> > 1) Only detect desktop files with .desktop extension. I.e. we never
> > sniff them for files with no or an invalid extension.
> > 
> > 2) Unless the desktop file is in a system directory or has the execute
> > bit set we don't show the custom icon and display name for the desktop
> > file. (Instead we show the real filename, which will always be *.desktop
> > per 1 above, and the standard "shortcut" icon.)
> 
> Aren’t you forgetting:
> 
> 3) When you DnD a trusted desktop file to the desktop or create the
> launcher yourself, it is marked automatically as trusted.

Obviously we'd need to do this too.

> > Furthermore, when you lauch a non-trusted desktop file we open a dialog
> > where giving some info, plus letting you launch it, mark it executable
> > (if you have the perms) or cancel.
> 
> I agree with the previous remarks about allowing the user to override
> the policy being bad. Instead, we should just do a migration step on
> the .desktop files on the desktop upon upgrade, and mark somewhere (in
> GConf or in a hidden file) that this doesn’t have to be done anymore.

I don't think that is gonna be enough. This will only handle files that
were previously created and files created with the updated gnome. Not
other things like for instance the creation of desktop files from wine.
It also can only handle launchers on the desktop.