svn commit: r303278 - in head/games/simutrans: . files

Alexey Dokuchaev danfe at FreeBSD.org
Wed Aug 29 02:12:51 UTC 2012


On Tue, Aug 28, 2012 at 09:08:53PM +0100, Chris Rees wrote:
> On 28/08/2012, Guido Falsi <madpilot at freebsd.org> wrote:
> > On 08/28/12 16:52, Alexey Dokuchaev wrote:
> >>> +	${INSTALL_SCRIPT} ${FILESDIR}/simutrans.desktop \
> >>>   		${PREFIX}/share/applications/simutrans.desktop
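
Review bot: The added line installs simutrans.desktop with ${INSTALL_SCRIPT}, which sets the executable bit on a file that is data rather than a script, and nothing in the hunk says why. If the +x is intentional, put a short comment above the line stating the reason so the next reader does not revert it; if it is not, ${INSTALL_DATA} is the usual macro for a .desktop file under ${PREFIX}/share/applications.
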
> >>
> >> Why does .desktop file have to have +x bit?
> >
> > I contacted the maintainer, [...] in his own words:
> >
> > Basically KDE counts .desktop files without +x in the user's own desktop
> > as dangerous and warns about this. If a user drags an icon from system
> > wide menu to the desktop it gets copied with the same permissions (no +x).
> > KDE people seem to think this is useful to protect from downloaded files.
> >
> > Maintainer is ok to modify the port back to installing without +x if
> > that's the consensus. I also have no problem modifying it if having
> > .desktop files with +x is a problem.
> >
> > Perhaps someone more knowledgeable about KDE than me could also comment
> > on this.
> 
> I'm not quite sure that it's a problem-- Alexey has noticed that it's
> unusual to have +X files... but you've provided a perfectly adequate
> explanation :)
> 
> Alexey, does this explanation satisfy you too?

It does; however, it means that we've been installing .desktop files with
the wrong permissions for a long time in the past, and no one spoke up.  This
is strange, and should be investigated.  I also support the idea to hear a
competent answer from KDE people.  For a start, I'm curious if KDE wants the
+x bit on .desktop files within ${HOME}, where protection against malicious
or downloaded files makes sense, or across the entire filesystem?

In any case, I want one standard way of installing .desktop files, either
with (although I worry a bit about +x on a file that cannot be directly
executed), or without (looks better, but possible security implications are
more important).

./danfe


