Executable application launcher

Under Linux we create launchers for our applications according to the Freedesktop Desktop Entry Specification. With recent versions of GNOME or KDE we get the following launcher:

Untrusted application launcher


When the launcher is clicked, the user is asked whether the application should be trusted.

Why? Because recently the desktop environment developers became aware of the following problem:

Some browsers, such as Firefox, save files to the desktop. If someone provides a link to a file with a .desktop extension, the file appears as a launcher on the desktop. It can easily be made to look like an arbitrary starter, e.g. for Firefox (provided the corresponding image, such as /usr/share/pixmaps/firefox-3.0.png, can be guessed correctly), but do something completely different and possibly malicious.

Therefore, in recent versions of GNOME and KDE, desktop launchers need to have execute permission (which is not preserved for downloaded files). With it set, they look and act as normal again:

Executable application launcher


So don’t forget to give your desktop launchers execute permissions! 🙂
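To see which launchers in a directory carry the execute bit and what command each one really runs behind its displayed name, a small audit script helps. This is an added example, not code from the original post; the sample file names, the `/tmp/not-firefox` and `/opt/myapp/bin/myapp` paths and all function names are constructed for illustration.

```python
import os
import stat
import tempfile

def parse_desktop_entry(path):
    """Return the key/value pairs of the [Desktop Entry] group."""
    keys, in_group = {}, False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("["):
                in_group = (line == "[Desktop Entry]")
                continue
            if in_group and "=" in line:
                key, value = line.split("=", 1)
                keys[key.strip()] = value.strip()
    return keys

def audit_launchers(directory):
    """List each *.desktop file with its owner execute bit and real command.

    Only the permission bit is read; mount options are not considered.
    """
    report = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".desktop"):
            continue
        path = os.path.join(directory, name)
        mode = os.stat(path).st_mode
        entry = parse_desktop_entry(path)
        report.append({"file": name, "exec_bit": bool(mode & stat.S_IXUSR),
                       "name": entry.get("Name"), "exec": entry.get("Exec")})
    return report

def make_sample_dir():
    """Constructed sample: one launcher without the execute bit, one with it."""
    d = tempfile.mkdtemp()
    body = "[Desktop Entry]\nType=Application\nName={}\nIcon={}\nExec={}\n"
    for fname, args in (("downloaded.desktop", ("Firefox", "firefox", "/tmp/not-firefox")),
                        ("myapp.desktop", ("My App", "myapp", "/opt/myapp/bin/myapp"))):
        with open(os.path.join(d, fname), "w", encoding="utf-8") as fh:
            fh.write(body.format(*args))
        os.chmod(os.path.join(d, fname), 0o644)
    os.chmod(os.path.join(d, "myapp.desktop"), 0o755)  # mark our own launcher executable
    return d

if __name__ == "__main__":
    for row in audit_launchers(make_sample_dir()):
        print(row)
```

Pointing `audit_launchers` at a real desktop directory shows, for every launcher, the displayed name next to the `Exec` command it would actually start.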

3 thoughts on “Executable application launcher”

  1. Kornelius Rohmeyer Post author

    I guess if one needs that level of security you should give up on desktop launchers for the moment (and your noexec would not have prevented an “Exec=rm -rf ~”). Btw. I have nothing to do with the Gnome project and I’m not responsible for the Gnome design decisions. And I absolutely agree that storing the “trusted” value in the execute bit of a file is arguable and should be changed.

  2. Bgs

    Storing ‘security’ in the exec bit does work as a temporary workaround even if it’s a very ugly approach. My real problem is that they do not simply check the bit, but check the ‘executability’, thus forcing you to mount exec. You can have the exec bit set on a noexec mounted partition. This is simply crappy programming.

    Having noexec on /home does count a lot. If you have a properly set up system, where the user can only write to places where there is no execution, you achieve a reasonably secure desktop system.

    I’m forced to hack this feature out of Nautilus as in some places noexec mount is way more important than your desktop icons.
