Bug#515104: nautilus: potential exploits via application launchers
Michael S. Gilbert
michael.s.gilbert at gmail.com
Fri Feb 13 15:29:19 UTC 2009
Package: nautilus
Version: 2.20-7
Severity: grave
Tags: security
as you have probably seen by now, there has been a lot of coverage
about the potential avenue for exploits via kde and gnome application
launchers (it looks like xfce is safe, for now) [1], [2], [3].
the core of the problem is that launchers have the ability to execute
perl, python, etc. scripts without the executable bit set. this
makes it much easier for an attacker to get the user to download and
run potentially malicious code.
regards,
mike
[1] http://www.geekzone.co.nz/foobar/6229
[2] http://www.geekzone.co.nz/foobar/6236
[3] http://lwn.net/Articles/178409/
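
An audit for the condition the report describes, as an added example that is not part of the original message or of nautilus: it lists launcher files that lack the executable bit yet start an interpreter. It assumes launchers are freedesktop .desktop files whose command is the Exec key of the [Desktop Entry] group; the interpreter list beyond perl and python, the function names and the sample files are constructed for illustration.

```python
import os, shlex, stat, tempfile
# "perl" and "python" are named in the report; the shells are an added assumption.
INTERPRETERS = {"perl", "python", "sh", "bash"}

def exec_values(path):
    """Return the Exec= values in the [Desktop Entry] group of a launcher file."""
    values, in_entry = [], False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in (raw.strip() for raw in fh):
            if line.startswith("["):
                in_entry = line == "[Desktop Entry]"
            elif in_entry and line.partition("=")[0].strip() == "Exec":
                values.append(line.partition("=")[2].strip())
    return values

def interpreter_of(command):
    """Interpreter a command line starts with, 'unparseable', or None."""
    try:
        argv = shlex.split(command)
    except ValueError:          # unbalanced quotes: flag for manual review
        return "unparseable"
    # strip trailing version digits so python2.5 and perl5.10 still match
    base = os.path.basename(argv[0]).rstrip("0123456789.") if argv else ""
    return base if base in INTERPRETERS else None

def audit(directory):
    """List (file, interpreter) for launchers that lack every executable bit."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(f for f in files if f.endswith(".desktop")):
            path = os.path.join(root, name)
            if os.stat(path).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                continue        # explicitly marked executable: out of scope here
            findings += [(name, i) for i in map(interpreter_of, exec_values(path)) if i]
    return findings

def demo():
    """Audit three constructed launcher files in a temporary directory."""
    samples = {  # name: (Exec value, mode) -- constructed sample data
        "notes.desktop": ('python2.5 -c "print(1)"', 0o644),
        "editor.desktop": ("gedit %f", 0o644),
        "tool.desktop": ("perl -e 1", 0o755),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (cmd, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write("[Desktop Entry]\nType=Application\nName=x\nExec=%s\n" % cmd)
            os.chmod(path, mode)
        return audit(tmp)
```

Pointing audit() at a download or desktop directory gives the list of files to review by hand.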