Bug 376858 - [Regression] Execution prompt shown for desktop files in desktop subfolders
Summary: [Regression] Execution prompt shown for desktop files in desktop subfolders
Status: RESOLVED FIXED
Alias: None
Product: plasmashell
Classification: Plasma
Component: Folder (show other bugs)
Version: 5.8.6
Platform: openSUSE Linux
: NOR normal
Target Milestone: 1.0
Assignee: Kai Uwe Broulik
URL:
Keywords: regression
Depends on:
Blocks:
 
Reported: 2017-02-23 20:38 UTC by Fabian Vogt
Modified: 2023-04-27 16:53 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Fabian Vogt 2017-02-23 20:38:33 UTC 
While https://phabricator.kde.org/D4534 "[Folder View] Don't show script execution prompt on desktop:/" fixed the prompt for executable .desktop files on the desktop directly, it breaks again when those files are in a subfolder on the desktop and accessed through the cascading view.

Maybe the check should be successful for all paths starting from desktop:/ without ".."?

This probably needs some discussion first...
Comment 1 Kai Uwe Broulik 2017-02-23 21:02:51 UTC 
Well, that'll introduce a vunerability when you extract an archive onto your desktop which Ark by default puts into a subdirectory.
Comment 2 Nate Graham 2020-01-23 19:03:51 UTC 
Because ark can make the contents executable, right? Sounds like we need a way to differentiate between an executable file that was locally created by a trusted process (e.g. a desktop file made by KIO) vs one that came from somewhere else or was created by an untrusted process (e.g. downloaded from the internet, un-archived from a zip file, etc).
Comment 3 Nate Graham 2023-04-27 16:53:16 UTC 
This was fixed a while ago. Can confirm it's working now.