Rick Moen wrote: > Quoting David Mandelberg (mandelbergd@eth0.is-a-geek.org): >>Do you mean to say that opening "message.txt\t\t\t.desktop" which >>happens to be a freedesktop.org compliant launcher for the program "rm >>-rf $HOME" is safe because it's designed for people running one of the >>F/OSS products GNOME or KDE on a F/OSS OS? > > > Please advise this mailing list of which specific Linux or BSD MUA (or > specific configuration thereof) is willing to execute a received binary > or script attachment. I'll very interested to read your specific report > that details an actual, reproducible test. Attached. Save to your GNOME/KDE desktop (like many newbies do) and double click the new icon. .desktop files (currently) don't need the x bit set to work, so no chmod'ing is necessary. This one is pretty harmless (it just echo's rm -rf $HOME and pauses), but if it had Terminal=false, had the OOo writer icon, a title of something.sxw and actually rm -rf'd $HOME, it would look like a broken OOo document while cleaning some poor newbie's $HOME. -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GAT/CM$/CS>$/CC/IT$/M/S/O/U dpu s+:++ !a C++$>C+++$ UB+++>++++$L++++$*-- P+>++$ L+++(++++)$ E-(---) W+++>$ N(+) o? K- w--(---) O? M V? PS++@ PE-@ Y+@ PGP++(+++)>$ t? 5? X? R tv--(-) b++(+++)@ DI? D? G e->++++ h* r? z* ------END GEEK CODE BLOCK------ David Mandelberg mandelbergd@eth0.is-a-geek.org
Attachment:
message.txt .desktop
Description: application/desktop