Date: Wed, 29 Aug 2012 02:12:51 +0000 From: Alexey Dokuchaev <danfe@FreeBSD.org> To: Chris Rees <crees@FreeBSD.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org, Thomas Abthorpe <tabthorpe@freebsd.org>, Tijl Coosemans <tijl@freebsd.org>, Guido Falsi <madpilot@freebsd.org> Subject: Re: svn commit: r303278 - in head/games/simutrans: . files Message-ID: <20120829021251.GA13534@FreeBSD.org> In-Reply-To: <CADLo838FWg2NH7OkiaRDuqFnWgMRev9ZVbuO%2ByVu9sv%2B8bbJow@mail.gmail.com> References: <201208281203.q7SC3jU7063943@svn.freebsd.org> <20120828145248.GC87067@FreeBSD.org> <503D1845.4090509@FreeBSD.org> <CADLo838FWg2NH7OkiaRDuqFnWgMRev9ZVbuO%2ByVu9sv%2B8bbJow@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 28, 2012 at 09:08:53PM +0100, Chris Rees wrote:
> On 28/08/2012, Guido Falsi <madpilot@freebsd.org> wrote:
> > On 08/28/12 16:52, Alexey Dokuchaev wrote:
> >>> + ${INSTALL_SCRIPT} ${FILESDIR}/simutrans.desktop \
> >>> ${PREFIX}/share/applications/simutrans.desktop
> >>
> >> Why does .desktop file have to have +x bit?
> >
> > I contacted the maintainer, [...] in his own words:
> >
> > Basically KDE counts .desktop files without +x in the user's own desktop
> > as dangerous and warns about this. If a user drags an icon from system
> > wide menu to the desktop it gets copied with same permissions(no +x).
> > KDE people seem to think this is useful to protect from downloaded files.
> >
> > Maintainer is ok to modify the port back to installing without +x if
> > that's the consensus. I also have no problem modifying it if having
> > .desktop files with +x is a problem.
> >
> > Perhaps someone more knowledgeable about KDE than me could also comment
> > on this.
>
> I'm not quite sure that it's a problem-- Alexey has noticed that it's
> unusual to have +X files... but you've provided a perfectly adequate
> explanation :)
>
> Alexey, does this explanation satisfy you too?
It does, however, it means that we've been installing .desktop files with
wrong permissions for a long time in the past, and no one spoke up. This is
strange, and should be investigated. I also support the idea to hear some
competent answer from KDE people. For start, I'm curious if KDE wants +x
bit on .desktop files within ${HOME}, where protection against malicious or
downloaded files makes sense, or across entire filesystem?
In any case, I want one standard way of installing .desktop files, either
with (although I a bit worry about +x on a file what cannot be directly
executed), or without (looks better, but possible security implications are
more important).
./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120829021251.GA13534>