IMO the root of the issue is the abuse of the executable bit for things that aren't executable. I posted about this a few years ago, the last time a series of .desktop vulnerabilities came up:
https://www.openwall.com/lists/oss-security/2017/11/08/10
I'm only mentioning it here for posterity; I just realized that I never came back to comment on this bug.
IMO the root of the issue is the abuse of the executable bit for things that aren't executable. I posted about this a few years ago, the last time a series of .desktop vulnerabilities came up:
https:/ /www.openwall. com/lists/ oss-security/ 2017/11/ 08/10
I'm only mentioning it here for posterity; I just realized that I never came back to comment on this bug.