The potential danger of .desktop files and more

In many X11 desktop environments, links to applications are usually represented by files with the .desktop extension. Internally, these files have a format similar to INI files and specify information such as the command to execute and the icon used to represent it. They do not need execute permission and may run programs when they are clicked or double-clicked (depending on your setup). The security implications of this have already been discussed many times, in places like Linux Weekly News, but I think it hasn’t received enough exposure.

Traditionally, people consider Unix systems more secure for several reasons, one of them being that the ability to execute a program depends on the program having execution permissions, instead of depending on the file extension like Windows systems do. Many people are simply so dumb that if they receive an email message from someone they may not even know, they might follow the instructions in it, including saving an attachment to disk and giving it execution permissions if necessary.
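As an added illustration (not code from the original article), the following Python sketch reads the `Exec` key from the `[Desktop Entry]` group of a launcher and reports when it would run a command although the file has no execute bit. The function names, the interpreter list and the sample launcher are assumptions made for this example.

```python
import os
import shlex
import tempfile

# Interpreters that accept an inline command; a heuristic chosen for this example.
INLINE_INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl"}

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = (line == "[Desktop Entry]")
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entry.setdefault(key.strip(), value.strip())  # first occurrence wins
    return entry

def audit_launcher(path):
    """Report what a launcher would run and why it deserves a closer look."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        entry = parse_desktop_entry(fh.read())
    exec_line = entry.get("Exec", "")
    try:
        argv = shlex.split(exec_line)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        argv = exec_line.split()
    findings = []
    if exec_line and not os.stat(path).st_mode & 0o111:
        findings.append("runs a command without the execute bit set")
    inline = any(arg in ("-c", "-e") for arg in argv[1:])
    if argv and os.path.basename(argv[0]) in INLINE_INTERPRETERS and inline:
        findings.append("Exec passes an inline script to an interpreter")
    return {"path": path, "exec": exec_line, "findings": findings}

def demo():
    # Constructed sample launcher; its Exec line only echoes a string.
    sample = "[Desktop Entry]\nType=Application\nName=Sample\nExec=sh -c 'echo hello'\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.desktop")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # readable, not executable
        return audit_launcher(path)
```

Calling `audit_launcher` on each `.desktop` file in a download or desktop directory gives a quick list of launchers to inspect before anyone clicks them.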

Full Story.
