Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)

To: debian-security@lists.debian.org
Subject: Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)
From: Rick Moen <rick@linuxmafia.com>
Date: Tue, 18 Jan 2005 20:18:39 -0800
Message-id: <[🔎] 20050119041839.GH3376@linuxmafia.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 41EDD7DD.3050702@eth0.is-a-geek.org>
References: <m1CqprA-000omSC@finlandia.Infodrom.North.DE> <[🔎] 41EDD095.5218B68F@patriot.net> <[🔎] 20050119022735.GA728@infidel.spots.ab.ca> <[🔎] 41EDCDC8.3090507@eth0.is-a-geek.org> <[🔎] 20050119030640.GG3376@linuxmafia.com> <[🔎] 41EDD7DD.3050702@eth0.is-a-geek.org>

Quoting David Mandelberg (mandelbergd@eth0.is-a-geek.org):

> Attached.
> 
> Save to your GNOME/KDE desktop (like many newbies do) and double click
> the new icon. .desktop files (currently) don't need the x bit set to
> work, so no chmod'ing is necessary.

I'm sorry, but the question was: 

Please advise this mailing list of which specific Linux or BSD MUA (or
specific configuration thereof) is willing to execute a received
binary or script attachment.  I'll very interested to read your specific
report that details an actual, reproducible test.

You appear to have answered some question I didn't ask.

Reply to:

Follow-Ups:
- Re: .desktop arbitrary program execution
  - From: David Mandelberg <mandelbergd@eth0.is-a-geek.org>
- Re: .desktop arbitrary program execution
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: Moe <moel@patriot.net>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: David Mandelberg <mandelbergd@eth0.is-a-geek.org>
- Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
  - From: Rick Moen <rick@linuxmafia.com>
- Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)
  - From: David Mandelberg <mandelbergd@eth0.is-a-geek.org>

Prev by Date: Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Next by Date: Re: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution
Previous by thread: Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)
Next by thread: Re: .desktop arbitrary program execution
Index(es):
- Date
- Thread