Bug 376858

Summary: [Regression] Execution prompt shown for desktop files in desktop subfolders
Product: [Plasma] plasmashell Reporter: Fabian Vogt <fabian>
Component: Desktop icons & Folder View widgetAssignee: Kai Uwe Broulik <kde>
Status: RESOLVED FIXED    
Severity: normal CC: faure, hein, nate, plasma-bugs-null
Priority: NOR Keywords: regression
Version First Reported In: 5.8.6   
Target Milestone: 1.0   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Fabian Vogt 2017-02-23 20:38:33 UTC 
While https://phabricator.kde.org/D4534 "[Folder View] Don't show script execution prompt on desktop:/" fixed the prompt for executable .desktop files on the desktop directly, it breaks again when those files are in a subfolder on the desktop and accessed through the cascading view.

Maybe the check should be successful for all paths starting from desktop:/ without ".."?

This probably needs some discussion first...
Comment 1 Kai Uwe Broulik 2017-02-23 21:02:51 UTC 
Well, that'll introduce a vunerability when you extract an archive onto your desktop which Ark by default puts into a subdirectory.
Comment 2 Nate Graham 2020-01-23 19:03:51 UTC 
Because ark can make the contents executable, right? Sounds like we need a way to differentiate between an executable file that was locally created by a trusted process (e.g. a desktop file made by KIO) vs one that came from somewhere else or was created by an untrusted process (e.g. downloaded from the internet, un-archived from a zip file, etc).
Comment 3 Nate Graham 2023-04-27 16:53:16 UTC 
This was fixed a while ago. Can confirm it's working now.