Potential expoits via application launchers (aka .desktop files)

To: debian-security@lists.debian.org
Subject: Potential expoits via application launchers (aka .desktop files)
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Thu, 12 Feb 2009 16:44:58 -0500
Message-id: <[🔎] 20090212164458.c15cab36.michael.s.gilbert@gmail.com>

A lot of you have probably seen some of the recent coverage about the
potential avenue for exploits via kde and gnome application launchers
(it looks like xfce is safe, for now) [1],[2],[3].  Is there any plan
within debian to begin addressing these concerns?  Where do I even
start reporting bugs to?  Nautilus and dolphin?  I'll wait for lenny to
get out the door rather than submitting these apparently complex and
difficult security (and hence release-critical) issues at the last
minute.

Regards,
Mike

[1] http://www.geekzone.co.nz/foobar/6229
[2] http://www.geekzone.co.nz/foobar/6236
[3] http://lwn.net/Articles/178409/

Reply to:

Follow-Ups:
- Re: Potential expoits via application launchers (aka .desktop files)
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Paper on potential security issues with the linux kernel PRNG
Next by Date: root access on bootup when core-files not found?
Previous by thread: Re: Paper on potential security issues with the linux kernel PRNG
Next by thread: Re: Potential expoits via application launchers (aka .desktop files)
Index(es):
- Date
- Thread