You are not logged in.
Hi folks.
This Untrusted application launcher dialog pops up on a seasonal basis for me. Its strange. I did a websearch and there were no definitive answers around that I could see.
So here I am, looking for the definitive answer to the perennial question, how to solve the launcher resulting in the dialog "The desktop file" app.desktop" is in an insecure location and not marked as executable. If you do not trust this program, click Cancel"
The desktop files are "-rwxr-xr-x" and so are executable and owned by me. So that is why I'm hoping for an answer once and for all.
Yet to be answered here and here
Again, internet is bad in my country so please don't be offended if I don't get back to you in a day or so.
Last edited by darrylbudd (2023-01-02 18:02:34)
Offline
There was a change in thunar 4.17.4 due to a security issue. Have a read through https://forum.xfce.org/viewtopic.php?id=16357 to see how the files are trusted now.
Edit: As for existing .desktop files, they are only trusted if they exist in one of the XDG_DATA_DIRS directories. You can symlink files from those directories onto the desktop and they will also be trusted.
Last edited by ToZ (2023-01-02 19:58:01)
Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki | Community | Contribute ---
Offline
Thanks ToZ.
So I think I understand the security issue. Archive files can also store whether a file is (x)ecutable and archive files are also commonly used to share files with other people/computers, whereas the gvfs is really is not designed to ever be shared with another person so there is very little chance of a bad executable being 'trusted' moving forward. Is that the basic logic of the security issue?
As for existing .desktop files, they are only trusted if they exist in one of the XDG_DATA_DIRS directories.
Memory is not great re what a XDG_DATA_DIRS is but I'll look it up.
Is it possible to add the checksum to the gvfs metadata by using the GUI, for example the "Mark Executable" button? If so, I'll likely just do that.
Thanks again for highlighting things that have improved in the Xfce universe.
Offline
Thanks ToZ.
So I think I understand the security issue. Archive files can also store whether a file is (x)ecutable and archive files are also commonly used to share files with other people/computers, whereas the gvfs is really is not designed to ever be shared with another person so there is very little chance of a bad executable being 'trusted' moving forward. Is that the basic logic of the security issue?
Thats pretty much how I understand it.
ToZ wrote:As for existing .desktop files, they are only trusted if they exist in one of the XDG_DATA_DIRS directories.
Memory is not great re what a XDG_DATA_DIRS is but I'll look it up.
You can run the following command to see the currently set paths:
env | grep XDG_DATA_DIRS
Is it possible to add the checksum to the gvfs metadata by using the GUI, for example the "Mark Executable" button? If so, I'll likely just do that.
Yes, thats what happens when you use the GUI dialog. The other thread shows you how to do it manually as well.
Thanks again for highlighting things that have improved in the Xfce universe.
No worries.
Please remember to mark your thread [SOLVED] to make it easier for others to find
--- How To Ask For Help | FAQ | Developer Wiki | Community | Contribute ---
Offline
[ Generated in 0.024 seconds, 8 queries executed - Memory usage: 535.33 KiB (Peak: 536.17 KiB) ]