I'm at Southeast LinuxFest right now, listening to Daniel Chen's Linux audio talk. A bit over an hour ago, I finished my presentation on the Linux security myth. It's meant to be accessible to normal users or to geeks needing to explain to normal users. I was asked afterward why I didn't talk about buffer overflows. That's easy: normal users can't do anything about them.
Slide 31 shows what happens when a .desktop file is not executable and is in a home directory. Notably, Fedora and openSUSE make it easy to run anyway, while Ubuntu policy says those buttons aren't OK (thanks James Tatum for the link pointer). I can understand that reasoning, but I don't expect normal people to know how to mark it as trusted or geeks to know that that's a euphemism for "set the executable bit."