svn commit: r303278 - in head/games/simutrans: . files
Guido Falsi
madpilot at FreeBSD.org
Wed Aug 29 09:56:53 UTC 2012
On Wed, Aug 29, 2012 at 02:12:51AM +0000, Alexey Dokuchaev wrote:
> On Tue, Aug 28, 2012 at 09:08:53PM +0100, Chris Rees wrote:
> > On 28/08/2012, Guido Falsi <madpilot at freebsd.org> wrote:
> > > On 08/28/12 16:52, Alexey Dokuchaev wrote:
> > >>> + ${INSTALL_SCRIPT} ${FILESDIR}/simutrans.desktop \
> > >>> ${PREFIX}/share/applications/simutrans.desktop
> > >>
> > >> Why does .desktop file have to have +x bit?
> > >
> > > I contacted the maintainer, [...] in his own words:
> > >
> > > Basically KDE counts .desktop files without +x in the user's own desktop
> > > as dangerous and warns about this. If a user drags an icon from system
> > > wide menu to the desktop it gets copied with same permissions(no +x).
> > > KDE people seem to think this is useful to protect from downloaded files.
> > >
> > > Maintainer is ok to modify the port back to installing without +x if
> > > that's the consensus. I also have no problem modifying it if having
> > > .desktop files with +x is a problem.
> > >
> > > Perhaps someone more knowledgeable about KDE than me could also comment
> > > on this.
> >
> > I'm not quite sure that it's a problem-- Alexey has noticed that it's
> > unusual to have +X files... but you've provided a perfectly adequate
> > explanation :)
> >
> > Alexey, does this explanation satisfy you too?
>
> It does, however, it means that we've been installing .desktop files with
> wrong permissions for a long time in the past, and no one spoke up. This is
> strange, and should be investigated. I also support the idea to hear some
> competent answer from KDE people. For start, I'm curious if KDE wants +x
> bit on .desktop files within ${HOME}, where protection against malicious or
> downloaded files makes sense, or across entire filesystem?
>
> In any case, I want one standard way of installing .desktop files, either
> with (although I a bit worry about +x on a file what cannot be directly
> executed), or without (looks better, but possible security implications are
> more important).
I agree this needs some analysis. I'll leave the games/simutrans port as
is then.
I'll followup this discussion, Hoping we can come to a consensus about
.desktop files.
--
Guido Falsi <madpilot at FreeBSD.org>
More information about the svn-ports-head
mailing list