On mar, 2009-02-24 at 16:11 -0300, Daniel Ruoso wrote: > The issue here is about recognizing that .desktop files are executables, > and, as such, must have the x bit set in order to be executed. Depending who executes its. On Xfce, a suspected malicious file won't be executed. > Consider > the user downloading a file from iceweasel, that sends it directly to > the Desktop. In a single step, the file is available with whatever > appearence it desires to and being able to execute whatever it wants to. By who? The Browser? Fix the browser? Cheers, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part