Security warning about just created Xubuntu desktop shortcut
Bug #1327791 reported by
Eero Tamminen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Thunar File Manager |
Confirmed
|
Medium
|
|||
thunar (Ubuntu) |
Triaged
|
Undecided
|
Unassigned |
Bug Description
Setup:
- Fresh Xubuntu 14.04 with all the available updates installed (as of 2014-06-08)
Use-case:
- Create desktop shortcut for Firefox (using content proposed by launcher creation dialog when writing Firefox to first edit box)
- Launch and close Firefox with that shortcut icon several times
Expected outcome:
- Firefox launches fine each time
Actual outcome:
- First time Firefox started fine, next times double clicking on the icon gives a security warning that it's from untrusted source/location
affects: | parole (Ubuntu) → xfdesktop4 (Ubuntu) |
affects: | xfdesktop4 (Ubuntu) → thunar (Ubuntu) |
Changed in thunar: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in thunar (Ubuntu): | |
status: | New → Triaged |
To post a comment you must log in.
With Thunar 1.6 (bug #5012) there is a big security warning when trying to run .desktop files which do not have the executable bit set. This is currently not the case for .desktop files created by a user via exo-desktop- item-edit leading to reports like https:/ /bugzilla. novell. com/show_ bug.cgi? id=801326.
While exo-desktop- item-edit could be changed to set the executable bit by default, there does not seem to be a consensus among different DEs about this behavior so it is still problematic for .desktop files created by another DE, another editor or some installation script. I wonder if there isn't better solution to this or if we can at least get some common way of handling this among DEs?