Version: 4.6 (using KDE 4.6.0) OS: Linux Right now, KDE executes every script in .kde/env regardless of its executable permission. For coherency with the rest of the system and for security reasons, I think KDE should execute these scripts only if they have the executable permission set for them. Reproducible: Always Steps to Reproduce: 1. Create a script in .kde/env but don't make it executable. 2. Start KDE. Actual Results: 3. The script is executed. Expected Results: The script should only be executed if it has executable permission. Scripts in .kde/env are not restricted to setting environment variables. If a bug in another program can force it to drop a file there, the script will bi executed without being noticed the next time KDE is started.
I think you misunderstood the purpose of those files under ~/.kde4/env. They are used for setting up extra environment variables for your KDE session. So they will and have to be *sourced*, not *executed*, by /usr/bin/startkde. The detail is listed below : libpath=`kde4-config --path lib | tr : '\n'`$(echo -e '\n/etc/kde/lib/') for prefix in `echo "$libpath" | sed -n -e 's,/lib[^/]*/,/env/,p'`; do for file in "$prefix"*.sh; do test -r "$file" && . "$file" done done So only read permission matters, and execution permission does not make difference.
Yes, you're right, I mixed up the concepts. Sorry.