You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2018-04-15 10:17:04
- jkqmehix
- Member
- Registered: 2018-04-15
- Posts: 1
Thunar automatically interprets ".desktop" files
Although Thunar requires the +x flag to interpret and execute ".desktop" files, I still consider it as an undesirable behaviour. If I extract such files from an archive downloaded from the Internet, they can have the +x flag set and will be interpteted automatically. Or other untrusted user on the same machine can create such file in his home directory, which I can browse as root.
For example, this file automatically changes its name to "image.png" and sets a preview. One could easily take it for an image and double click it executing a malicious script.
Some other file managers suffer from the same issue, including Nemo and the worst case PCManFM, which doesn't even require the +x flag and ".desktop" extension. Dolphin on the other hand works as expected, it doesn't allow files to change their names and always asks to execute.
Offline
#2 2018-04-15 14:05:24
- ToZ
- Administrator
- From: Canada
- Registered: 2011-06-02
- Posts: 11,492
Re: Thunar automatically interprets ".desktop" files
Hello and welcome.
Although Thunar requires the +x flag to interpret and execute ".desktop" files, I still consider it as an undesirable behaviour.
In that case, probably best to open a bug report to get the developer's attention.
Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki | Community | Contribute ---
Offline
Pages: 1
- Registered users online in this topic: 0, guests: 1
- [Bot] ClaudeBot
[ Generated in 0.009 seconds, 7 queries executed - Memory usage: 522.89 KiB (Peak: 530.59 KiB) ]