0

One of the first things I heard about Linux is that it doesn't get any kind of malware. Now, I see it can get malware through WINE and e-mail (although I don't even open attachments or follow links from entities I don't know). So, as far as this goes, one simply should use common sense regarding e-mail, and chose carefully what to run on WINE (and possibly use a separate account for it).

Linux is further protected by the fact that all files are set to not be executable, so even if you get malware, it can't execute. This is what I used to think, but it turns out that in KDE and Gnome environments (according to what I read; it's from 2009, so I don't know if it also happens elsewhere or if it was fixed) have special treatment for something called "launchers", that can only have one command, but this may run a malicious script.

I'd like to know exactly why (if) launchers get special treatment (today and in 2009), how do they look on the terminal (do they seem normal files; what happens if you enter ls -l, etc.), and if this has received any attention from the developers of these platforms.

Improve this question
1
  • Is there something wrong with this question? The lack of comments, views, and votes makes me wonder if it is strictly on-topic and whether the link is trustworthy or not (although as it teaches you do make malware, I guess the guy knows what he is talking about). Commented Aug 28, 2013 at 13:07

1 Answer 1

Reset to default
1

I'm not sure what you mean by "Lanuchers", but from your description you seem to refer to .desktop files, also called "desktop entries", which is a freedesktop.org standard.

There are just simple text files with the extension ".desktop" that have a special "INI-like" format. It is true that desktop entries are "Executables" in the sense that they will run something if a user clicks on them. It is hard for desktop entries to masquerade as other types of files - even though they can display any icon available on the system, their full file name extension is always visible when shown as a file.

I don't really see a lot of abuse for these - because users are not normally allowed to change the system, you can't just have a desktop entry execute rm / -rf. Some (probably) possible scenarios:

  • get a user to download (or save an email attachment) a desktop entry that does calls the user's graphical sudo with a destructive system command (such as rm / -rf) - this can't possibly fool even the simplest of users, as it shows a big scary dialog that requires the user to type in their password and usually shows very clearly what will happen if they do this. This is not MS-Windows UAC, in Linux system operations are scary because people are not expected to do them every day.
  • get a user to download a malicious program and also, in addition, a desktop entry file that includes a command to execute the malicious software - this indeed has the potential to destroy user data, but it can't "infect" other parts of the system or other users, so once you recover from your stupidity using your latest backup, you should be good to go.

Also - please note that all such "exploits" require users to download something to their hard drives, locate it in their Download directory and double click it. I believe it is hard to claim that a user can do this by mistake, so I would not consider support desktop entries to be a security issue, and I expect other developers to have the same opinion.

Improve this answer
3
  • AFAIK (check the link), these .desktop files can execute even if you don't ask. And that is a security issue. Commented Aug 30, 2013 at 16:41
  • Yes, if you manage to put a desktop entry into the user's "auto start" folder, it will auto execute when their session starts. How would you do that? seems to me to be a chicken and egg kind of problem. The premise of the linked article is that you can send a user something which looks like a standard data file but executes code when you run it - this is incorrect because setting the "Name" attribute does not affect how the file looks to a file browser (the desktop is just a file browser view) - it will have a .desktop extension. Commented Aug 30, 2013 at 16:59
  • I guess you're right, it would be tough to get the user to click the “launcher”. I'll accept this answer. Commented Feb 9, 2014 at 19:30

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.