Re: Security Issue of .desktop files



On Tue, 2009-02-24 at 18:35 -0300, Daniel Ruoso wrote:
> So if a .desktop file appears in the user's Desktop without the x bit
> set and the user clicks it, it won't get executed..

Not exactly. The “safe” .desktop file was in the link I pasted on
another mail in the thread:

 /* check if the file tries to look like a regular document (i.e.
  * a display name of 'file.png'), maybe a virus or other malware.
  */
 fake_mime_info = thunar_vfs_mime_database_get_info_for_name (_thunar_vfs_mime_database, str);
 if (fake_mime_info != _thunar_vfs_mime_application_octet_stream && fake_mime_info != info->mime_info)
   {
     /* release the previous mime info */
     thunar_vfs_mime_info_unref (info->mime_info);

     /* set the MIME type of the file to 'x-thunar/suspected-malware' to indicate that
      * it's not safe to trust the file content and execute it or otherwise operate on it.
      */
     info->mime_info = thunar_vfs_mime_database_get_info (_thunar_vfs_mime_database, "x-thunar/suspected-malware");

     /* reset the executable flag */
     info->flags &= ~THUNAR_VFS_FILE_FLAGS_EXECUTABLE;

     /* reset the custom icon */
     g_free (info->custom_icon);
     info->custom_icon = NULL;

     /* reset the name str, so we display the real file name */
     name = NULL;
   }

Basically, when the .desktop tries to trick the user, it won't be
executed.

Cheers,
-- 
Yves-Alexis
