Bug#516008: possible arbitrary code execution from .desktop files in email attachments



Hello!

Another issue regarding this bug is that noexec is not honored. While e.g. 
shell scripts will only be displayed instead of executed on noexec-mounted 
filesystems when you click on them, .desktop files will be executed, 
bypassing noexec security.

> Solution:
>
> Change .desktop files to execute the command inside only if they have
> the +x bit or, better, change those launcher files so that the first line
> would be #!/usr/bin/desktop-launch, with the rest of the script following
> afterwards. With the execute bit set this would become merely a normal
> script, which is interpreted by the specified separate 'shell' or utility,
> rather than something integrated into the desktop.

Just checking the executable bit won't help with the noexec issue, so the 
shebang seems to be the better solution.

The fact that .desktop files can have any symbol (e.g. like an OpenOffice 
document) but can execute arbitrary *remote* code makes this issue really 
dangerous for end-users.

Regards
Markus
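
An added example, not part of the original message or of any desktop environment's code: a launcher-side check that combines the two conditions discussed above (execute bit, launcher shebang) with an explicit noexec mount test. The names `may_launch`, `on_noexec_mount` and `demo` and the sample files are constructed for illustration; `/usr/bin/desktop-launch` is the interpreter path proposed in the quoted text.

```python
import os
import stat
import tempfile

# Interpreter line proposed in the quoted message; the launcher itself is hypothetical.
LAUNCHER_SHEBANG = b"#!/usr/bin/desktop-launch"

def on_noexec_mount(path):
    """True if the filesystem holding `path` is mounted noexec (Linux)."""
    return bool(os.statvfs(path).f_flag & os.ST_NOEXEC)

def may_launch(path, noexec=None):
    """Return (allowed, reason); `noexec` overrides mount detection for testing."""
    if noexec is None:
        noexec = on_noexec_mount(path)
    if noexec:
        # The execute bit says nothing about the mount, so test the mount first.
        return False, "filesystem mounted noexec"
    mode = os.stat(path).st_mode
    if not stat.S_ISREG(mode):
        return False, "not a regular file"
    if not mode & stat.S_IXUSR:
        return False, "execute bit not set"
    with open(path, "rb") as fh:
        first_line = fh.readline(256).rstrip(b"\r\n")
    if first_line != LAUNCHER_SHEBANG:
        return False, "first line is not the launcher shebang"
    return True, "ok"

def demo():
    """Run the policy over constructed sample launchers in a temp directory."""
    body = b"[Desktop Entry]\nType=Application\nName=Report\nExec=/bin/true\n"
    shebanged = LAUNCHER_SHEBANG + b"\n" + body
    cases = {
        "attachment": (body, 0o644, False),        # saved from mail, no +x
        "plus_x_only": (body, 0o755, False),       # +x set, no shebang
        "full": (shebanged, 0o755, False),         # +x and shebang
        "full_on_noexec": (shebanged, 0o755, True),  # same file, noexec mount
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (data, mode, noexec) in cases.items():
            path = os.path.join(tmp, name + ".desktop")
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
            results[name] = may_launch(path, noexec=noexec)
    return results
```

With the shebang form, the kernel itself refuses `execve()` on a noexec mount; the explicit `statvfs` test covers a launcher that parses the file in-process instead.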
